Windows Analysis Report
http://161-35-123-255.ipv4.staticdns3.io/

Overview

General Information

Sample URL: http://161-35-123-255.ipv4.staticdns3.io/
Analysis ID: 1592280

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious URL
HTML body contains low number of good links
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)
Stores files to the Windows start menu directory
Suspicious form URL found
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection

Source: http://161-35-123-255.ipv4.staticdns3.io/ Avira URL Cloud: detection malicious, Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/img/logo.png Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/css/styles.css Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/assets/Valida_Digito_Verificador.js Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/js/jquery.min.js Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/img/background.webp Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/img/favicon-16x16.png Avira URL Cloud: Label: malware
Source: http://161-35-123-255.ipv4.staticdns3.io/css/style.css Avira URL Cloud: Label: malware

Phishing

Source: URL Joe Sandbox AI: AI detected IP in URL: http://161-35-123-255.ipv4.staticdns3.io
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: Number of links: 0
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: Title: BDVenlnea personas does not match URL
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: Has password / email / username input fields
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: Form action: login.php
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: <input type="password" .../> found
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: No <meta name="author".. found
Source: http://161-35-123-255.ipv4.staticdns3.io/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49739 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 10 Nov 2024 21:06:11 GMT ETag: "11928-626955a8656c0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 9653 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Fri, 14 Jun 2024 11:17:52 GMT ETag: "52362-61ad7c42f7800-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 31105 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 10 Nov 2024 19:11:39 GMT ETag: "2a5f5-62693c0ebf0c0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 41031 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/javascript
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Thu, 13 Jun 2024 19:21:34 GMT ETag: "127c-61aca6830ab80-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 540 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 23:42:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sun, 10 Nov 2024 19:11:39 GMT ETag: "2a5f5-62693c0ebf0c0-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 41031 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/javascript
Source: global traffic HTTP traffic detected: GET /npm/sweetalert2@11 HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /npm/sweetalert2@11 HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/jquery.min.js HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/style.css HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,*/*;q=0.1 Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/styles.css HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,*/*;q=0.1 Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/Valida_Digito_Verificador.js HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/logo.png HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/background.webp HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/jquery.min.js HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/logo.png HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/background.webp HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/favicon-16x16.png HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://161-35-123-255.ipv4.staticdns3.io/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/favicon-16x16.png HTTP/1.1 Host: 161-35-123-255.ipv4.staticdns3.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: 161-35-123-255.ipv4.staticdns3.io
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 23:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 295 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 161-35-123-255.ipv4.staticdns3.io Port 80</address></body></html>
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine Classification label: mal60.win@16/35@10/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=2036,i,5035009390763185257,10679951283778665790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://161-35-123-255.ipv4.staticdns3.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk