Windows Analysis Report
3661627172.svg

Overview

General Information

Sample name: 3661627172.svg
Analysis ID: 1640783
MD5: b6a88357b2e5cd6ced7d126e00b43081
SHA1: d10bc9ec13b8f1366af43eb1a7c6b1e382c52d6e
SHA256: a24d4b69a5ce681a4ad85800aaaaf900ef55c38970c4c0ccf09036d45f1aa975

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Yara detected HtmlPhish80
AI detected suspicious Javascript
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

Phishing

Source: Yara match File source: dropped/chromecache_61, type: DROPPED
Source: Yara match File source: 3661627172.svg, type: SAMPLE
Source: 1.2..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://kakhuy07co.woofradio.cfd/3IgjcDhi7bbLzyqNi... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script generates random alphanumeric strings, extracts subdomains from the current URL, and then redirects the user to a new URL with the subdomain or a random string, followed by a suspicious domain and encoded parameters. This behavior is highly indicative of a malicious script, likely used for phishing or other malicious purposes.
Source: 0.1..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: data:application/ecmascript;base64,dHJ5IHsKICAgIGZ... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The `duruwo` function appears to be decoding a heavily encoded string, which could be used to execute malicious code or redirect the user to a suspicious domain. Additionally, the script attempts to modify the DOM and the window location, which could be used for phishing or other malicious purposes. Overall, this script exhibits a high level of risk and should be thoroughly investigated before execution.
Source: 2.3..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://tonygraham.pwswrp.ru/8T8x6LF1E/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be sending user data to an untrusted domain, which poses a significant risk of data theft or other malicious activities. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: https://tonygraham.pwswrp.ru/8T8x6LF1E/#3ddimaano%40tonygraham.com HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 142.250.185.132:443 -> 192.168.2.6:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.129.81:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: Joe Sandbox View IP Address: 104.21.32.1
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.186.99
Source: unknown TCP traffic detected without corresponding DNS query: 217.20.57.35
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.68
Source: unknown TCP traffic detected without corresponding DNS query: 20.191.45.158
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /3IgjcDhi7bbLzyqNi74Dxtc1XOq0HV69zuTXLXqnhnYexhMqaslCucBcrtlUAvSaQSHXMHYR05jmstE6iCIFE9U9189WjNjjz6aD13nD5x0ol5cOZZSgb1syufIVGxpC2vKAj025i7NnVFZ9WFKa4eQvR2G4GQlt0NUGhxzukbWwHVKybFjbIYtqNcss36hvXYTTWP3N/YbDwc0zBR3huOXy35f8itseSalgK7rTTlIvJq1ijGxpNl40QvAaRigeNv9w4WgQtfwqU0MZf0ZjFmo6q1zQTQ4McS3cwVqHVdgJViZ0qzMmzR113GzSYhuROL0CvhNuzfR8MwDRER9IzVQyErpcLEotUxoDX7vUphdcT8zYuYxxljaaSPR7ffLs4A1GIZ6QkHtGNWsGY/ddimaano@tonygraham.com HTTP/1.1Host: kakhuy07co.woofradio.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /8T8x6LF1E/ HTTP/1.1Host: tonygraham.pwswrp.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://kakhuy07co.woofradio.cfd/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tonygraham.pwswrp.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tonygraham.pwswrp.ru/8T8x6LF1E/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjFJTU9NK21wdENOYWFzVzV2cjNqWEE9PSIsInZhbHVlIjoiSVZid21IWmo0cWJrT293NVlKME1MQ0F6d3N4Q2xOYWp0TzREcGNidGdyd0phbElhMm1FUHNPQmIzb3BwL3pHUFlFWlZEYnhhcmpQSkRxdUloRmRRRkJBdnVyQy9NRVNqTHRZUUVMVnlya0VmdWMzZDh2TitmQjcxWUZqLzJERU4iLCJtYWMiOiI0YzJmN2EwYzgwODUxYTMzNDhjMTBmZmE3N2JhZjI0ZDQyNWYyYjg3YTkwYzU1ZmEwYWI1ZjUyNTlmOGEyOGU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImVCRzFMaVBrSEJaMWlvOTNyMXhGcnc9PSIsInZhbHVlIjoiZUR3dlJlcFB4SWFYNnkzaU1mYmMyVnlwdmJUNCtWS3E0QWVWc0tMRjdOc3NyTExhZkxBejE2OW03MmRpcHFkRUV5dWpUcXdnSEx1dkNQUUtSSE1NYzc1WEhmbWdDcHRRYWlrTzdWSmp1VkVkcUxRa0hvNE45bG9ya2tQOUtBYWciLCJtYWMiOiJlYzQxODdhNDkwMjIzZjY1MGI2OTY5Y2NmYWEyMDMxYTZiMGNjYzQwZTAzYjRlNDk2OWYxYzU1OTdhZGNjYzU0IiwidGFnIjoiIn0%3D
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: kakhuy07co.woofradio.cfd
Source: global traffic DNS traffic detected: DNS query: tonygraham.pwswrp.ru
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown HTTP traffic detected: POST /report/v4?s=Nl%2BJeCS3dkb8Dff3IbH9YTD8fPx1d19BRmmJvN3eH0WTCo%2BpZ9qE35kkki8XMmdrDxXaTwBGr5CK0QkZQJjGXJPpNKWMLmpGidCObFOh%2BeHDDWUP8XASbUGApZ%2BPASX5k1hN HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 438Content-Type: application/reports+jsonOrigin: https://tonygraham.pwswrp.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 17:18:22 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nl%2BJeCS3dkb8Dff3IbH9YTD8fPx1d19BRmmJvN3eH0WTCo%2BpZ9qE35kkki8XMmdrDxXaTwBGr5CK0QkZQJjGXJPpNKWMLmpGidCObFOh%2BeHDDWUP8XASbUGApZ%2BPASX5k1hN"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer-Timing: cfL4;desc="?proto=TCP&rtt=1110&min_rtt=1096&rtt_var=439&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2245&delivery_rate=2397350&cwnd=251&unsent_bytes=0&cid=9b7795a91c0410be&ts=80&x=0"Cache-Control: max-age=14400Cf-Cache-Status: MISSCF-RAY: 921e2629fa5e8d3f-EWRalt-svc: h3=":443"; ma=86400
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7552_859829264
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir7552_859829264
Source: classification engine Classification label: mal64.phis.winSVG@27/4@10/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1924,i,10494982236509602108,7760536900289131602,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\3661627172.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected