Click to jump to signature section
Source: Yara match | File source: 1.1.pages.csv, type: HTML |
Source: Yara match | File source: 1.1.pages.csv, type: HTML |
Source: Yara match | File source: 1.2.pages.csv, type: HTML |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | LLM: Score: 7 Reasons: The URL in question has a high risk of typosquatting due to the following reasons: 1. The domain name 'cloudflare-ipfs.com' is very similar to the legitimate domain 'cloudflare.com'. The addition of '-ipfs' could easily be mistaken for a subdomain or a legitimate variation of the domain. 2. The URL points to an IPFS (InterPlanetary File System) hash, which is not inherently suspicious but could be used to host malicious content. It is important to verify the authenticity of the content being accessed, especially if it is from an unknown or untrusted source. DOM: 1.1.pages.csv |
Source: about:blank | LLM: Score: 8 Reasons: The text extracted from the OCR appears to be a phishing attempt. It asks the user to input their email address and password, which is a common tactic used by malicious websites to steal user credentials. The 'Remember me' checkbox is also suspicious as it may indicate the use of persistent cookies to track user activity. The URL 'about:blank' does not provide any additional context, but the combination of the URL and the suspicious text suggests a high risk of phishing. DOM: 0.0.pages.csv |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | LLM: Score: 8 brands: None Reasons: The URL 'https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu' does not match any known legitimate domain associated with a specific brand, raising suspicion. The use of a generic 'Webmail' logo and interface in the image without any specific brand identifiers is a common tactic in phishing to mislead users. The domain is hosted on IPFS, which is unusual for legitimate business services that typically use their own domain names. The presence of a login form without additional security measures like CAPTCHA further increases the risk of phishing. DOM: 1.1.pages.csv |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: Number of links: 0 |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: Title: Mail does not match URL |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: <input type="password" .../> found |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: No <meta name="author".. found |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: No <meta name="author".. found |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: No <meta name="copyright".. found |
Source: https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.190.190.130:443 -> 192.168.2.17:49712 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49713 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49716 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49721 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49722 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49732 version: TLS 1.2 |
Source: Traffic | Snort IDS: 2032515 ET CURRENT_EVENTS Generic Multibrand Ajax XHR CredPost Phishing Landing 104.17.96.13:443 -> 192.168.2.17:49695 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.122.249 |
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.122.249 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.222.123 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.206.222.123 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.190.130 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: global traffic | DNS traffic detected: DNS query: cloudflare-ipfs.com |
Source: global traffic | DNS traffic detected: DNS query: stackpath.bootstrapcdn.com |
Source: global traffic | DNS traffic detected: DNS query: www.google.com |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700 |
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734 |
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690 |
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49702 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown | Network traffic detected: HTTP traffic on port 49680 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49702 |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.190.190.130:443 -> 192.168.2.17:49712 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49713 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49716 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49721 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.17:49722 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49732 version: TLS 1.2 |
Source: classification engine | Classification label: mal68.phis.win@16/12@6/117 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cloudflare-ipfs.com/ipfs/bafybeiebtesuzqjvlwffqmtiic5jwgjo7rc3vsexjuo26nexklhcgl4qwu |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1988,i,13109954549985302115,7097384076061746047,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1988,i,13109954549985302115,7097384076061746047,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk |