Windows Analysis Report
https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Overview

General Information

Sample URL:	https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com
Analysis ID:	1416962
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected HtmlPhish10

Form action URLs do not match main URL

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Suspicious form URL found

URL contains potential PII (phishing indication)

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://iboymegapanel.com/en/generaldomain.php	Avira URL Cloud: Label: phishing
Source: https://cloudflare-ipfs.com/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: https://cloudflare-ipfs.com/favicon.ico	Virustotal: Detection: 16%			Perma Link
Source: https://iboymegapanel.com/en/generaldomain.php	Virustotal: Detection: 11%			Perma Link

Multi AV Scanner detection for submitted file

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Virustotal: Detection: 13%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_79, type: DROPPED

Form action URLs do not match main URL

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Form action: https://iboymegapanel.com/en/generaldomain.php cloudflare-ipfs iboymegapanel

HTML body contains low number of good links

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Title: SYSTEM-ASEFIN does not match URL

Invalid 'forgot password' link found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Invalid link: Forgot Password?

Suspicious form URL found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Form action: https://iboymegapanel.com/en/generaldomain.php

URL contains potential PII (phishing indication)

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Sample URL: PII: r.cortes@system-asefin.com

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: <input type="password" .../> found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: No <meta name="author".. found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49731 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2031923 ET CURRENT_EVENTS Generic Custom Logo Phishing Landing 2021-03-10 104.17.96.13:443 -> 192.168.2.6:49704
Source: Traffic	Snort IDS: 2032515 ET CURRENT_EVENTS Generic Multibrand Ajax XHR CredPost Phishing Landing 104.17.96.13:443 -> 192.168.2.6:49704

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/ HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.css HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.css HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /https://system-asefin.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/auth/68840-32078/width/1200/https://system-asefin.com HTTP/1.1Host: image.thum.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /https://system-asefin.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /get/auth/68840-32078/width/1200/https://system-asefin.com HTTP/1.1Host: image.thum.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: cloudflare-ipfs.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:02:57 GMTContent-Type: text/plain; charset=utf-8Content-Length: 185Connection: closeCF-Ray: 86b6c99d986c207c-IADCF-Cache-Status: EXPIREDAccess-Control-Allow-Origin: *Cache-Control: no-storeVary: Accept-Encodingaccess-control-allow-headers: Content-Typeaccess-control-allow-headers: Rangeaccess-control-allow-headers: User-Agentaccess-control-allow-headers: X-Requested-Withaccess-control-allow-methods: GETaccess-control-expose-headers: Content-Lengthaccess-control-expose-headers: Content-Rangeaccess-control-expose-headers: X-Chunked-Outputaccess-control-expose-headers: X-Ipfs-Pathaccess-control-expose-headers: X-Ipfs-Rootsaccess-control-expose-headers: X-Stream-Outputx-cf-ipfs-cache-status: missx-content-type-options: nosniffx-ipfs-path: /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.cssServer: cloudflarealt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:02:58 GMTContent-Type: text/plain; charset=utf-8Content-Length: 185Connection: closeCF-Ray: 86b6c9a5da9e7fdc-IADCF-Cache-Status: HITAccess-Control-Allow-Origin: *Age: 1Cache-Control: no-storeVary: Accept-Encodingaccess-control-allow-headers: Content-Typeaccess-control-allow-headers: Rangeaccess-control-allow-headers: User-Agentaccess-control-allow-headers: X-Requested-Withaccess-control-allow-methods: GETaccess-control-expose-headers: Content-Lengthaccess-control-expose-headers: Content-Rangeaccess-control-expose-headers: X-Chunked-Outputaccess-control-expose-headers: X-Ipfs-Pathaccess-control-expose-headers: X-Ipfs-Rootsaccess-control-expose-headers: X-Stream-Outputx-cf-ipfs-cache-status: missx-content-type-options: nosniffx-ipfs-path: /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.cssServer: cloudflarealt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:03:11 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 86b6c9f23a3e6ff2-IADalt-svc: h3=":443"; ma=86400

Source: chromecache_79.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_77.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_76.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_79.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_77.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_79.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_77.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_77.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_77.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_75.2.dr, chromecache_78.2.dr, chromecache_64.2.dr, chromecache_68.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_75.2.dr, chromecache_78.2.dr, chromecache_64.2.dr, chromecache_68.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.wo
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.wo
Source: chromecache_63.2.dr, chromecache_74.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_69.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_69.2.dr, chromecache_79.2.dr, chromecache_63.2.dr, chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_69.2.dr, chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_79.2.dr	String found in binary or memory: https://iboymegapanel.com/en/generaldomain.php
Source: chromecache_79.2.dr	String found in binary or memory: https://image.thum.io/get/auth/68840-32078/width/1200/https://
Source: chromecache_77.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_77.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_77.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_77.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_77.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_65.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_65.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: chromecache_79.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: chromecache_79.2.dr	String found in binary or memory: https://logo.clearbit.com/
Source: chromecache_79.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_79.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_77.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_79.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_77.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: chromecache_79.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49731 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@16/38@26/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2244,i,16829967867219197248,9708613182049599070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2244,i,16829967867219197248,9708613182049599070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.96.13	cloudflare-ipfs.com	United States	13335	CLOUDFLARENETUS	true
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
34.195.143.153	image.thum.io	United States	14618	AMAZON-AESUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
34.200.110.212	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.85.151.98	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
172.253.62.104	www.google.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.85.151.109	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.11.207	true
d26p066pn2w0s0.cloudfront.net	52.85.151.98	true
code.jquery.com	151.101.130.137	true
cdnjs.cloudflare.com	104.17.25.14	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
cloudflare-ipfs.com	104.17.96.13	true
www.google.com	172.253.62.104	true
image.thum.io	34.195.143.153	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
ka-f.fontawesome.com	unknown	unknown
kit.fontawesome.com	unknown	unknown
logo.clearbit.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.2.1.slim.min.js	false		high
https://cloudflare-ipfs.com/favicon.ico	true	16%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false		high
https://code.jquery.com/jquery-3.3.1.js	false		high
https://image.thum.io/get/auth/68840-32078/width/1200/https://system-asefin.com	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/https://system-asefin.com	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 61	ASCII text	CBA4ED6C809962AC6C2A26842183B67A	3F8E077AFC8EF5BAB7FA626EA782DAE34D419BBE	AAE65C231008861C6430EBE296C926E728C4D2CCB1492F86E42D760E9B67D9A5
Chrome Cache Entry: 62	PNG image data, 1200 x 1200, 8-bit/color RGB, non-interlaced	814C3C405C89327822EC4D4DEBA32BFF	78FB441543CEC161BF45220D63420AD09B66DCA6	17F7B3F7D74571773EDE7E7C50DD7E7A2DDCE016ADE3731FE978A2ABD6720734
Chrome Cache Entry: 63	ASCII text, with very long lines (65325)	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
Chrome Cache Entry: 64	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 65	ASCII text, with very long lines (11461)	55D343A40C7166A79FD314F13CBB2E93	96904A849C32CA220E0AAA2AE3E81CF2B5CDF764	A1F75D6278713A84A8F28A392C77CA8A6A7C32BF14314D4A34A6CE2F06CFDF7A
Chrome Cache Entry: 66	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 67	Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196	A9FD1225FB2CD32320E2B931DCA01089	44EC5C6A868B4CE62350D9F040ED8E18F7A1D128	C5DD43F53F3AF822CBF17B1FB75F46192CDBD51724F277ACF6CF0DACB3FD57E7
Chrome Cache Entry: 68	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 69	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 70	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 71	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 72	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced	F2146A95EFBDED63B26AE59DD5766990	B8D8C811F871E547251A80703BB9184B5E404F9D	6A5D30AC4E06EE4CBE868A16F6C6ACDA35F5C6D3234B692F032CDC67969B544F
Chrome Cache Entry: 73	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 74	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 75	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 76	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 77	ASCII text	6A07DA9FAE934BAF3F749E876BBFDD96	46A436EBA01C79ACDB225757ED80BF54BAD6416B	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
Chrome Cache Entry: 78	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 79	HTML document, ASCII text, with very long lines (64137), with CRLF line terminators	D2785506D209D8D5B98910E84F68178B	D80E93233AC249AED926C4AB5F1C2CD429A7C68E	C23C3FF8C4D58C46C9B5E8ECA0517D80F908598994DA833B502A604A56901454
Chrome Cache Entry: 80	ASCII text, with no line terminators	D0FBDA9855D118740F1105334305C126	BC3023B36063A7681DB24681472B54FA11F0D4EC	A469AB4CA4E55BF547566E9EBFA1B809C933207E9D558156BC0C4252B17533FE
Chrome Cache Entry: 81	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced	F2146A95EFBDED63B26AE59DD5766990	B8D8C811F871E547251A80703BB9184B5E404F9D	6A5D30AC4E06EE4CBE868A16F6C6ACDA35F5C6D3234B692F032CDC67969B544F

AV Detection

Antivirus detection for URL or domain

Source: https://iboymegapanel.com/en/generaldomain.php	Avira URL Cloud: Label: phishing
Source: https://cloudflare-ipfs.com/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: https://cloudflare-ipfs.com/favicon.ico	Virustotal: Detection: 16%			Perma Link
Source: https://iboymegapanel.com/en/generaldomain.php	Virustotal: Detection: 11%			Perma Link

Multi AV Scanner detection for submitted file

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Virustotal: Detection: 13%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_79, type: DROPPED

Form action URLs do not match main URL

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Form action: https://iboymegapanel.com/en/generaldomain.php cloudflare-ipfs iboymegapanel

HTML body contains low number of good links

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Title: SYSTEM-ASEFIN does not match URL

Invalid 'forgot password' link found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Invalid link: Forgot Password?

Suspicious form URL found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: Form action: https://iboymegapanel.com/en/generaldomain.php

URL contains potential PII (phishing indication)

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Sample URL: PII: r.cortes@system-asefin.com

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: <input type="password" .../> found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: No <meta name="author".. found

Source: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49731 version: TLS 1.2

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2031923 ET CURRENT_EVENTS Generic Custom Logo Phishing Landing 2021-03-10 104.17.96.13:443 -> 192.168.2.6:49704
Source: Traffic	Snort IDS: 2032515 ET CURRENT_EVENTS Generic Multibrand Ajax XHR CredPost Phishing Landing 104.17.96.13:443 -> 192.168.2.6:49704

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/ HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.css HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.css HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /https://system-asefin.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get/auth/68840-32078/width/1200/https://system-asefin.com HTTP/1.1Host: image.thum.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /https://system-asefin.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=H3mHDp3O4eQfKewQ4Z1QTw1mRBpB7EvEjT62EAozaKk-1711620177-1.0.1.1-JKL9oLC0eVmf5jE_VmKXOffC5YPsw9ub8UX4teghF0.C.1XX8neZlTQrs6njAGb9mxUHtVeHtT6x6xgVjtrO_Q
Source: global traffic	HTTP traffic detected: GET /get/auth/68840-32078/width/1200/https://system-asefin.com HTTP/1.1Host: image.thum.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: cloudflare-ipfs.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:02:57 GMTContent-Type: text/plain; charset=utf-8Content-Length: 185Connection: closeCF-Ray: 86b6c99d986c207c-IADCF-Cache-Status: EXPIREDAccess-Control-Allow-Origin: *Cache-Control: no-storeVary: Accept-Encodingaccess-control-allow-headers: Content-Typeaccess-control-allow-headers: Rangeaccess-control-allow-headers: User-Agentaccess-control-allow-headers: X-Requested-Withaccess-control-allow-methods: GETaccess-control-expose-headers: Content-Lengthaccess-control-expose-headers: Content-Rangeaccess-control-expose-headers: X-Chunked-Outputaccess-control-expose-headers: X-Ipfs-Pathaccess-control-expose-headers: X-Ipfs-Rootsaccess-control-expose-headers: X-Stream-Outputx-cf-ipfs-cache-status: missx-content-type-options: nosniffx-ipfs-path: /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.cssServer: cloudflarealt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:02:58 GMTContent-Type: text/plain; charset=utf-8Content-Length: 185Connection: closeCF-Ray: 86b6c9a5da9e7fdc-IADCF-Cache-Status: HITAccess-Control-Allow-Origin: *Age: 1Cache-Control: no-storeVary: Accept-Encodingaccess-control-allow-headers: Content-Typeaccess-control-allow-headers: Rangeaccess-control-allow-headers: User-Agentaccess-control-allow-headers: X-Requested-Withaccess-control-allow-methods: GETaccess-control-expose-headers: Content-Lengthaccess-control-expose-headers: Content-Rangeaccess-control-expose-headers: X-Chunked-Outputaccess-control-expose-headers: X-Ipfs-Pathaccess-control-expose-headers: X-Ipfs-Rootsaccess-control-expose-headers: X-Stream-Outputx-cf-ipfs-cache-status: missx-content-type-options: nosniffx-ipfs-path: /ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/css/hover.cssServer: cloudflarealt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 10:03:11 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 86b6c9f23a3e6ff2-IADalt-svc: h3=":443"; ma=86400

Source: chromecache_79.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_77.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_76.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_79.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: chromecache_77.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_77.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_79.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_79.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: chromecache_77.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_77.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: chromecache_77.2.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: chromecache_75.2.dr, chromecache_78.2.dr, chromecache_64.2.dr, chromecache_68.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_75.2.dr, chromecache_78.2.dr, chromecache_64.2.dr, chromecache_68.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6o3ms.woff2
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.wo
Source: chromecache_61.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.wo
Source: chromecache_63.2.dr, chromecache_74.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_69.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_77.2.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_69.2.dr, chromecache_79.2.dr, chromecache_63.2.dr, chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_69.2.dr, chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: chromecache_77.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: chromecache_79.2.dr	String found in binary or memory: https://iboymegapanel.com/en/generaldomain.php
Source: chromecache_79.2.dr	String found in binary or memory: https://image.thum.io/get/auth/68840-32078/width/1200/https://
Source: chromecache_77.2.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: chromecache_77.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_77.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_77.2.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: chromecache_77.2.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_65.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_65.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: chromecache_79.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: chromecache_79.2.dr	String found in binary or memory: https://logo.clearbit.com/
Source: chromecache_79.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_79.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: chromecache_77.2.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: chromecache_77.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_79.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: chromecache_77.2.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_77.2.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: chromecache_79.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49731 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@16/38@26/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2244,i,16829967867219197248,9708613182049599070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2244,i,16829967867219197248,9708613182049599070,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1416962
Product:	CloudBasic
Start time:	11:02:04
Start date:	28.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://cloudflare-ipfs.com/ipfs/bafybeific5oh7p6dvnpe2yvzaxfuvvaf5c6xpacgz774hqgtk4xznu2v5m/#r.cortes@system-asefin.com