Windows Analysis Report
https://yogalisbon.gitcz.pw/sign-in

Overview

General Information

Sample URL:	https://yogalisbon.gitcz.pw/sign-in
Analysis ID:	1592371
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://yogalisbon.gitcz.pw/sign-in

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://yogalisbon.gitcz.pw/sign-in/favicon.ico	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon.svg	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon-16x16.png	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/portu.png	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon-32x32.png	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/lib/main.3c9dcec00d5a12b9aa18.css	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/icon-192x192.png	Avira URL Cloud: Label: malware

HTML body contains low number of good links

Source: https://yogalisbon.gitcz.pw/sign-in/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://yogalisbon.gitcz.pw/sign-in/

HTTP Parser: Base64 decoded: <svg width="16" height="12" xmlns="http://www.w3.org/2000/svg"><path d="M13.9.8L5.8 8.9 2.1 5.2c-.4-.4-1.1-.4-1.6 0-.4.4-.4 1.1 0 1.6L5 11.2c.4.4 1.1.4 1.6 0l8.9-8.9c.4-.4.4-1.1 0-1.6-.5-.4-1.2-.4-1.6.1z" fill="#FFF"/></svg>

HTML title does not match URL

Source: https://yogalisbon.gitcz.pw/sign-in/

HTTP Parser: Title: Telegram Web does not match URL

Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="author".. found
Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="author".. found

Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="copyright".. found
Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /sign-in HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/ HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/lib/main.3c9dcec00d5a12b9aa18.css HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://yogalisbon.gitcz.pw/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p_2616gsb1a1.png HTTP/1.1Host: h.top4top.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://yogalisbon.gitcz.pwsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://yogalisbon.gitcz.pwsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/portu.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p_2616gsb1a1.png HTTP/1.1Host: h.top4top.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon.ico HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/portu.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon.svg HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon-32x32.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon-16x16.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/icon-192x192.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: yogalisbon.gitcz.pw
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: h.top4top.io
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=WIJhcCYgQQ%2BGvigCEIjGVPkvTallWK%2BT0z4vRwyvWazGCEeCwfOLU1ynb1crEXZ6K0Aj75R9su2cfbiXSpF%2BXnisunnHBHc9UqebtXA5Vk5phqXD6iQk3Ielj8MLTR11hJDm%2BVj4 HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 466Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:13 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIJhcCYgQQ%2BGvigCEIjGVPkvTallWK%2BT0z4vRwyvWazGCEeCwfOLU1ynb1crEXZ6K0Aj75R9su2cfbiXSpF%2BXnisunnHBHc9UqebtXA5Vk5phqXD6iQk3Ielj8MLTR11hJDm%2BVj4"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1da66c84424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1567&min_rtt=1560&rtt_var=600&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1216&delivery_rate=1801357&cwnd=249&unsent_bytes=0&cid=c7afbd206f8f5ee8&ts=964&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsbjKnilCkuNZ5zZD3uRY6tPy0vWx0e%2FE6XUOVX4MubTfPI5CnmDMlYGaulxNoI2zxlkEQsnj7Y7C1p9uMLnswK3qtdJY9rIJ%2B64tfAsaiJ%2BlNsGzOE2d4bCCSRUH2rOxOo0fHeN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa8930424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1557&rtt_var=593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1254&delivery_rate=1829573&cwnd=249&unsent_bytes=0&cid=f8d8285fa429f9fe&ts=900&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NzrS27bDMMcxeSzYYf5qYF85rLKQVntm%2BgOtoYDq5NTTrdAGSXSeXhPvftXeKPvTDhJvLVGDt7CzYHmoffjMBIqH62jYdq8X0j3Jk2vd8eUEtSFjBFBZvSXuNV%2F246avrFKgopk"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa7a8ec34f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1458&rtt_var=564&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1275&delivery_rate=1910994&cwnd=181&unsent_bytes=0&cid=5adfaaf913344937&ts=892&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VZt4EKQXTB6X6nGE8MrtIAnsks0CdumeFobrOmiAR8SBilgorhv08PWq3J09vU%2BU2rzDXireJRftCFKQHwTZYvIWRRFaaHcOy1IEHH2mKD02dbfFY7AIWCAnOO2tKwfkDWQOlTX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa6ea4729f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1959&rtt_var=746&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1258&delivery_rate=1456359&cwnd=178&unsent_bytes=0&cid=cd8f317d0cfb6a03&ts=943&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:16 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2BKS4%2BEpxj%2Bu2yPk8WKPBge0zsAfR3hi1sWH3E1WFYnOuO5NYtuwErEKaJIfOiEo%2BAjeWOEHmx9uGdoxDARLVlHP6Sr3LcqzGL%2BNzlJUhSia%2F5Jf0GCtA1ZXWanKPwz%2FJQG6AeS8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1db73806727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1996&min_rtt=1987&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1240&delivery_rate=1469552&cwnd=234&unsent_bytes=0&cid=d18e58f23c3bb0be&ts=958&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UP2n1u3xXns%2F4CxjzG5rRMfNmIBbv%2BWl5dM7CUaAZvPTJJ4uNnjgLXbT5WIsXm0VZl7cm6ZxAUn5Ofmw6vUhk4jSelSgcqUNge15B6hbuKmkMsiZywmEnN1dFv0p44M7n2WrGt3O"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dc32bb6727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1992&min_rtt=1978&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1240&delivery_rate=1476238&cwnd=234&unsent_bytes=0&cid=07224a4ed97ca156&ts=932&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlZPKzFWicOvjMThnupz2wz3Fkg92JW8pekW79EDvv7au1DGBKWPQCgEj23mohGC%2BdzjtOshIMIv6YltHcqXGejW8yF3okYPNRaigSSj5nrH0YH6HB%2B3M1dWcKxHVbtyp%2BgQqgqq"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dcebfa0729f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1965&min_rtt=1960&rtt_var=746&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1246&delivery_rate=1457085&cwnd=178&unsent_bytes=0&cid=c68ffb67986f0d76&ts=905&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:22 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2RTjde2CRVbR8uWUbNEyuvbd2AX8H7F8%2FeFK6wJ2H5RFGvEbYWVD0FPuTQnuSYY7AtVotWXPXOcqIaMN29OwLAsxJiWlZygRi1s1D4LRN8KmIXJXFG3sPUaGUA2nopnjolfyp8g"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dda3b8b43b3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1555&min_rtt=1547&rtt_var=596&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1246&delivery_rate=1810291&cwnd=203&unsent_bytes=0&cid=8ddb7584f92e31b9&ts=922&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2p5x6J%2FsyPWcvc022kaBiTrbYbIluufPN9Dx44Zvu0ibsvEtCWgSOzgjwSVJWz5pP2ZvF8bJqlwuFpfrJX58A31%2BH85jKIjkseEqJdEm6Ag%2BVAA%2BpzsHWdbry%2FfLDOfOZJC8V6fK"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1de5bf940f5b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1477&rtt_var=569&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1245&delivery_rate=1899804&cwnd=221&unsent_bytes=0&cid=b45d5aa266956caf&ts=939&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal56.win@16/27@16/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,879286866415787046,16484986039293671425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://yogalisbon.gitcz.pw/sign-in"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,879286866415787046,16484986039293671425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
104.21.16.1	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
104.21.112.1	yogalisbon.gitcz.pw	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
135.181.63.70	h.top4top.io	Germany	24940	HETZNER-ASDE	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.194.137	true
h.top4top.io	135.181.63.70	true
www.google.com	142.250.185.228	true
yogalisbon.gitcz.pw	104.21.112.1	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://yogalisbon.gitcz.pw/sign-in/	true		unknown
https://yogalisbon.gitcz.pw/sign-in/favicon.ico	true	Avira URL Cloud: malware	unknown
https://yogalisbon.gitcz.pw/sign-in/favicon-16x16.png	true	Avira URL Cloud: phishing	unknown
https://h.top4top.io/p_2616gsb1a1.png	false	Avira URL Cloud: safe	unknown
https://yogalisbon.gitcz.pw/sign-in	true		unknown
https://yogalisbon.gitcz.pw/sign-in/portu.png	true	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=WIJhcCYgQQ%2BGvigCEIjGVPkvTallWK%2BT0z4vRwyvWazGCEeCwfOLU1ynb1crEXZ6K0Aj75R9su2cfbiXSpF%2BXnisunnHBHc9UqebtXA5Vk5phqXD6iQk3Ielj8MLTR11hJDm%2BVj4	false		high
https://code.jquery.com/jquery-3.5.1.min.js	false		high
https://yogalisbon.gitcz.pw/sign-in/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2	true	Avira URL Cloud: phishing	unknown
https://yogalisbon.gitcz.pw/sign-in/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2	true	Avira URL Cloud: malware	unknown
https://yogalisbon.gitcz.pw/sign-in/lib/main.3c9dcec00d5a12b9aa18.css	true	Avira URL Cloud: malware	unknown
https://yogalisbon.gitcz.pw/sign-in/favicon.svg	true	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=2p5x6J%2FsyPWcvc022kaBiTrbYbIluufPN9Dx44Zvu0ibsvEtCWgSOzgjwSVJWz5pP2ZvF8bJqlwuFpfrJX58A31%2BH85jKIjkseEqJdEm6Ag%2BVAA%2BpzsHWdbry%2FfLDOfOZJC8V6fK	false		high
https://yogalisbon.gitcz.pw/sign-in/favicon-32x32.png	true	Avira URL Cloud: malware	unknown
https://yogalisbon.gitcz.pw/sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png	true	Avira URL Cloud: malware	unknown
https://yogalisbon.gitcz.pw/sign-in/icon-192x192.png	true	Avira URL Cloud: malware	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 50	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 51	PNG image data, 1200 x 800, 8-bit/color RGB, non-interlaced	6C7736B29DCD83153D97870FD29BD6CD	29992EDB685AE453A514913BBA8CEB8D3100565A	04E311FC683FED5AB4402ADB11154426E0D44D02953D7CD255AF3D8F20B63FF1
Chrome Cache Entry: 52	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 53	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 54	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 55	ASCII text, with no line terminators	FB8C7FF2D2D32EA71E1D1806FAD0D112	A75ABBE86077F4F43736951EA1D92D537C27D6A4	93B79E4D995021FD38EDCAFBF01313C21DBFABC427C671DB40E7BFA3566A6EEE
Chrome Cache Entry: 56	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 57	PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced	6BEBA09270547289D2F24B16D9CB8547	46C6B6A1CF2197971071DE2D0347847DC6F3F7B7	B4908FED4D98B96A44F7BDFE007DEE60F1181927499DFB7B2A3999BDADDAFFF9
Chrome Cache Entry: 58	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 59	PNG image data, 1200 x 800, 8-bit/color RGB, non-interlaced	6C7736B29DCD83153D97870FD29BD6CD	29992EDB685AE453A514913BBA8CEB8D3100565A	04E311FC683FED5AB4402ADB11154426E0D44D02953D7CD255AF3D8F20B63FF1
Chrome Cache Entry: 60	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 61	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 62	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 63	PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced	6BEBA09270547289D2F24B16D9CB8547	46C6B6A1CF2197971071DE2D0347847DC6F3F7B7	B4908FED4D98B96A44F7BDFE007DEE60F1181927499DFB7B2A3999BDADDAFFF9
Chrome Cache Entry: 64	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://yogalisbon.gitcz.pw/sign-in

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://yogalisbon.gitcz.pw/sign-in/favicon.ico	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon.svg	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon-16x16.png	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/portu.png	Avira URL Cloud: Label: phishing
Source: https://yogalisbon.gitcz.pw/sign-in/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/favicon-32x32.png	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/lib/main.3c9dcec00d5a12b9aa18.css	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png	Avira URL Cloud: Label: malware
Source: https://yogalisbon.gitcz.pw/sign-in/icon-192x192.png	Avira URL Cloud: Label: malware

HTML body contains low number of good links

Source: https://yogalisbon.gitcz.pw/sign-in/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://yogalisbon.gitcz.pw/sign-in/

HTML title does not match URL

Source: https://yogalisbon.gitcz.pw/sign-in/

HTTP Parser: Title: Telegram Web does not match URL

Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="author".. found
Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="author".. found

Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="copyright".. found
Source: https://yogalisbon.gitcz.pw/sign-in/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /sign-in HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/ HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/lib/main.3c9dcec00d5a12b9aa18.css HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://yogalisbon.gitcz.pw/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p_2616gsb1a1.png HTTP/1.1Host: h.top4top.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://yogalisbon.gitcz.pwsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://yogalisbon.gitcz.pwsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/portu.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p_2616gsb1a1.png HTTP/1.1Host: h.top4top.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon.ico HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/portu.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon.svg HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon-32x32.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/favicon-16x16.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b
Source: global traffic	HTTP traffic detected: GET /sign-in/icon-192x192.png HTTP/1.1Host: yogalisbon.gitcz.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yogalisbon.gitcz.pw/sign-in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5fb9bc2c1c83288e822a8f874a5d641b

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: yogalisbon.gitcz.pw
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: h.top4top.io
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:13 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIJhcCYgQQ%2BGvigCEIjGVPkvTallWK%2BT0z4vRwyvWazGCEeCwfOLU1ynb1crEXZ6K0Aj75R9su2cfbiXSpF%2BXnisunnHBHc9UqebtXA5Vk5phqXD6iQk3Ielj8MLTR11hJDm%2BVj4"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1da66c84424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1567&min_rtt=1560&rtt_var=600&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1216&delivery_rate=1801357&cwnd=249&unsent_bytes=0&cid=c7afbd206f8f5ee8&ts=964&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsbjKnilCkuNZ5zZD3uRY6tPy0vWx0e%2FE6XUOVX4MubTfPI5CnmDMlYGaulxNoI2zxlkEQsnj7Y7C1p9uMLnswK3qtdJY9rIJ%2B64tfAsaiJ%2BlNsGzOE2d4bCCSRUH2rOxOo0fHeN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa8930424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1557&rtt_var=593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1254&delivery_rate=1829573&cwnd=249&unsent_bytes=0&cid=f8d8285fa429f9fe&ts=900&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NzrS27bDMMcxeSzYYf5qYF85rLKQVntm%2BgOtoYDq5NTTrdAGSXSeXhPvftXeKPvTDhJvLVGDt7CzYHmoffjMBIqH62jYdq8X0j3Jk2vd8eUEtSFjBFBZvSXuNV%2F246avrFKgopk"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa7a8ec34f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1458&rtt_var=564&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1275&delivery_rate=1910994&cwnd=181&unsent_bytes=0&cid=5adfaaf913344937&ts=892&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VZt4EKQXTB6X6nGE8MrtIAnsks0CdumeFobrOmiAR8SBilgorhv08PWq3J09vU%2BU2rzDXireJRftCFKQHwTZYvIWRRFaaHcOy1IEHH2mKD02dbfFY7AIWCAnOO2tKwfkDWQOlTX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1daa6ea4729f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1959&rtt_var=746&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1258&delivery_rate=1456359&cwnd=178&unsent_bytes=0&cid=cd8f317d0cfb6a03&ts=943&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:16 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2BKS4%2BEpxj%2Bu2yPk8WKPBge0zsAfR3hi1sWH3E1WFYnOuO5NYtuwErEKaJIfOiEo%2BAjeWOEHmx9uGdoxDARLVlHP6Sr3LcqzGL%2BNzlJUhSia%2F5Jf0GCtA1ZXWanKPwz%2FJQG6AeS8"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1db73806727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1996&min_rtt=1987&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1240&delivery_rate=1469552&cwnd=234&unsent_bytes=0&cid=d18e58f23c3bb0be&ts=958&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UP2n1u3xXns%2F4CxjzG5rRMfNmIBbv%2BWl5dM7CUaAZvPTJJ4uNnjgLXbT5WIsXm0VZl7cm6ZxAUn5Ofmw6vUhk4jSelSgcqUNge15B6hbuKmkMsiZywmEnN1dFv0p44M7n2WrGt3O"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dc32bb6727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1992&min_rtt=1978&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1240&delivery_rate=1476238&cwnd=234&unsent_bytes=0&cid=07224a4ed97ca156&ts=932&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlZPKzFWicOvjMThnupz2wz3Fkg92JW8pekW79EDvv7au1DGBKWPQCgEj23mohGC%2BdzjtOshIMIv6YltHcqXGejW8yF3okYPNRaigSSj5nrH0YH6HB%2B3M1dWcKxHVbtyp%2BgQqgqq"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dcebfa0729f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1965&min_rtt=1960&rtt_var=746&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1246&delivery_rate=1457085&cwnd=178&unsent_bytes=0&cid=c68ffb67986f0d76&ts=905&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:22 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2RTjde2CRVbR8uWUbNEyuvbd2AX8H7F8%2FeFK6wJ2H5RFGvEbYWVD0FPuTQnuSYY7AtVotWXPXOcqIaMN29OwLAsxJiWlZygRi1s1D4LRN8KmIXJXFG3sPUaGUA2nopnjolfyp8g"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1dda3b8b43b3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1555&min_rtt=1547&rtt_var=596&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1246&delivery_rate=1810291&cwnd=203&unsent_bytes=0&cid=8ddb7584f92e31b9&ts=922&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:51:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2p5x6J%2FsyPWcvc022kaBiTrbYbIluufPN9Dx44Zvu0ibsvEtCWgSOzgjwSVJWz5pP2ZvF8bJqlwuFpfrJX58A31%2BH85jKIjkseEqJdEm6Ag%2BVAA%2BpzsHWdbry%2FfLDOfOZJC8V6fK"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902a1de5bf940f5b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1477&rtt_var=569&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1245&delivery_rate=1899804&cwnd=221&unsent_bytes=0&cid=b45d5aa266956caf&ts=939&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal56.win@16/27@16/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,879286866415787046,16484986039293671425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://yogalisbon.gitcz.pw/sign-in"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1768,i,879286866415787046,16484986039293671425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1592371
Product:	CloudBasic
Start time:	01:50:08
Start date:	16.01.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://yogalisbon.gitcz.pw/sign-in

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://yogalisbon.gitcz.pw/sign-in

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://yogalisbon.gitcz.pw/sign-in