Windows Analysis Report
2024-04-16_11h42_39.png

Overview

General Information

Sample name: 2024-04-16_11h42_39.png
Analysis ID: 1426615
MD5: a900311b58ddd076cebb12bcf98b21e2
SHA1: 17e38bc13fb32228993320eea842797be742a8d4
SHA256: 5ccb7aa64e5dfa45703f73615f45b21f41cc34a7b71a419bb7b4cc1374117463
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Creates files inside the system directory
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML title does not match URL
IP address seen in connection with other malware
Invalid 'forgot password' link found
Invalid T&C link found
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://cloudflare-ipfs.com/favicon.ico URL Reputation: Label: malware
Multi AV Scanner detection for domain / URL
Source: thirdmandomavis.com Virustotal: Detection: 15% Perma Link
Source: cloudflare-ipfs.com Virustotal: Detection: 12% Perma Link
Source: https://thirdmandomavis.com/js.js Virustotal: Detection: 15% Perma Link
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze Virustotal: Detection: 11% Perma Link

Phishing
barindex
Phishing site detected (based on image similarity)
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# Matcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: <input type="password" .../> found but no <form action="...
HTML body with high number of embedded images detected
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Total embedded image size: 46409
HTML title does not match URL
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Title: Authenticating ... does not match URL
Invalid 'forgot password' link found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Forgot password?
Invalid T&C link found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Sites help you work on projects with your team and share information from anywhere on any device. Create or follow sites to see them here.
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Terms of use
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Privacy & cookies
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Sites help you work on projects with your team and share information from anywhere on any device. Create or follow sites to see them here.
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Terms of use
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: Invalid link: Privacy & cookies
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: <input type="password" .../> found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No favicon
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No favicon
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No <meta name="author".. found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No <meta name="author".. found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No <meta name="copyright".. found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49741 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.96.13 104.17.96.13
Source: Joe Sandbox View IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View IP Address: 13.107.246.40 13.107.246.40
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global traffic HTTP traffic detected: GET /hbfzkBMQ4s HTTP/1.1Host: www.qrfy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js.js HTTP/1.1Host: thirdmandomavis.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqzeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=s3ichK8dkqJvZNMs9dn1gFFNqF9_5M3Jc44bFurcULg-1713260639-1.0.1.1-8p6i8spHiCTCsdiMFuGlJcGUy.a20re65qf.8D3N9SpiolEvBDXTAYWFTKUTm9_bs0vBUDeEXvZknBej23D6LQ
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknown DNS traffic detected: queries for: www.qrfy.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 09:44:00 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 87533bfc988953c7-ATLalt-svc: h3=":443"; ma=86400
Source: chromecache_59.3.dr String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js
Source: chromecache_67.3.dr String found in binary or memory: https://fontawesome.com
Source: chromecache_67.3.dr String found in binary or memory: https://fontawesome.com/license/free
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49741 version: TLS 1.2
Creates files inside the system directory
Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA\wiatrace.log Jump to behavior
Source: classification engine Classification label: mal64.phis.winPNG@16/38@18/14
Source: C:\Windows\SysWOW64\mspaint.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\SysWOW64\mspaint.exe mspaint.exe "C:\Users\user\Desktop\2024-04-16_11h42_39.png"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.qrfy.com/hbfzkBMQ4s
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: uiribbon.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: sti.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: wiatrace.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: photometadatahandler.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: mspaint.exe, 00000000.00000002.2372150327.000000000313D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\SysWOW64\mspaint.exe Process information queried: ProcessInformation Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\mspaint.exe Queries volume information: C:\Users\user\Desktop\2024-04-16_11h42_39.png VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1426615 Sample: 2024-04-16_11h42_39.png Startdate: 16/04/2024 Architecture: WINDOWS Score: 64 24 Multi AV Scanner detection for domain / URL 2->24 26 Antivirus detection for URL or domain 2->26 28 Phishing site detected (based on image similarity) 2->28 30 Phishing site detected (based on logo match) 2->30 6 chrome.exe 1 2->6         started        9 mspaint.exe 1 3 2->9         started        process3 dnsIp4 14 192.168.2.7, 123, 138, 443 unknown unknown 6->14 16 239.255.255.250 unknown Reserved 6->16 11 chrome.exe 6->11         started        process5 dnsIp6 18 part-0012.t-0009.t-msedge.net 13.107.213.40, 443, 49710, 49711 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->18 20 13.107.213.41, 443, 49725 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->20 22 15 other IPs or domains 11->22
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.17.96.13
 cloudflare-ipfs.com United States
13335 CLOUDFLARENETUS false
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
13.107.246.41
 part-0013.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.246.40
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.18.20.78
 www.qrfy.com United States
13335 CLOUDFLARENETUS false
152.199.4.44
 cs1100.wpc.omegacdn.net United States
15133 EDGECASTUS false
104.21.2.93
 thirdmandomavis.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
192.229.173.207
 cs837.wac.edgecastcdn.net United States
15133 EDGECASTUS false
13.107.213.41
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.107.213.40
 part-0012.t-0009.t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
3.162.103.56
 d2vgu95hoyrpkh.cloudfront.net United States
16509 AMAZON-02US false
142.250.9.103
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.7

Contacted Domains

Name IP Active
part-0013.t-0009.t-msedge.net 13.107.246.41 true
thirdmandomavis.com 104.21.2.93 true
cs1100.wpc.omegacdn.net 152.199.4.44 true
d2vgu95hoyrpkh.cloudfront.net 3.162.103.56 true
www.qrfy.com 104.18.20.78 true
cs837.wac.edgecastcdn.net 192.229.173.207 true
cdnjs.cloudflare.com 104.17.24.14 true
cloudflare-ipfs.com 104.17.96.13 true
www.google.com 142.250.9.103 true
part-0012.t-0009.t-msedge.net 13.107.213.40 true
aadcdn.msftauth.net unknown unknown
www.w3schools.com unknown unknown
cdn.socket.io unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze false unknown
https://www.qrfy.com/hbfzkBMQ4s false unknown
https://cloudflare-ipfs.com/favicon.ico false
  • URL Reputation: malware
 unknown
https://cdn.socket.io/4.6.0/socket.io.min.js false
    		high
    https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# true
    • SlashNext: Credential Stealing type: Phishing & Social Engineering
    		 unknown
    https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css false
      		high
      https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 false
        		high
        https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg false unknown
        https://www.w3schools.com/w3css/4/w3.css false
          		high
          https://thirdmandomavis.com/js.js false unknown