Analysis Report https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com

Overview

General Information

Sample URL: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com
Analysis ID: 356347

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing URL detected (based on various patterns)
Yara detected HtmlPhish_10
HTML body contains low number of good links
Invalid 'forgot password' link found
No HTML title found
URL contains potential PII (phishing indication)

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

barindex
Phishing URL detected (based on various patterns)
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com Sample URL: PII + legit service
Yara detected HtmlPhish_10
Source: Yara match File source: 473627.pages.csv, type: HTML
Source: Yara match File source: 473627.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\index[1].html, type: DROPPED
HTML body contains low number of good links
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: Number of links: 0
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: Number of links: 0
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: Number of links: 0
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: Number of links: 0
Invalid 'forgot password' link found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: Invalid link: Forgot Password?
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: Invalid link: Forgot Password?
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: Invalid link: Forgot Password?
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: Invalid link: Forgot Password?
No HTML title found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: HTML title missing
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: HTML title missing
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: HTML title missing
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: HTML title missing
URL contains potential PII (phishing indication)
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com Sample URL: PII: brnchadvrt@pella.com
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: No <meta name="author".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: No <meta name="author".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: No <meta name="author".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: No <meta name="author".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: No <meta name="copyright".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: No <meta name="copyright".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34#brnchadvrt@pella.com HTTP Parser: No <meta name="copyright".. found
Source: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb5fce8-3814-4fce-b15b-c1fb6db81c34# HTTP Parser: No <meta name="copyright".. found

Compliance:

barindex
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: code.jquery.com
Source: index[1].html.2.dr String found in binary or memory: http://getbootstrap.com)
Source: popper.min[1].js.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: index[1].html.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: index[1].html.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: index[1].html.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: index[1].html.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: index[1].html.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: index[1].html.2.dr String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&to
Source: index[1].html.2.dr String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media
Source: {1A2936D9-75AB-11EB-90E6-ECF4BB82F7E0}.dat.1.dr String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/speed-fc307.appspot.com/o/index.html?alt=media&token=bfb
Source: free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: index[1].html.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: bootstrap.min[1].js.2.dr String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js0.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.2.dr, index[1].html.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.2.dr String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr String found in binary or memory: https://kit.fontawesome.com
Source: index[1].html.2.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: index[1].html.2.dr String found in binary or memory: https://logo.clearbit.com/
Source: index[1].html.2.dr String found in binary or memory: https://logosistemis.com/speed/mynewupdate/logged.php
Source: index[1].html.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: index[1].html.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: index[1].html.2.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: imagestore.dat.2.dr, index[1].html.2.dr String found in binary or memory: https://www.google.com/s2/favicons?domain=dell.com?v=BUILD_HASH
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: classification engine Classification label: mal72.phis.win@3/21@6/1
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A2936D7-75AB-11EB-90E6-ECF4BB82F7E0}.dat Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF75C49756B6172DCE.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5816 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5816 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 356347 URL: https://firebasestorage.goo... Startdate: 22/02/2021 Architecture: WINDOWS Score: 72 20 Antivirus detection for URL or domain 2->20 22 Antivirus / Scanner detection for submitted sample 2->22 24 Phishing URL detected (based on various patterns) 2->24 26 Yara detected HtmlPhish_10 2->26 6 iexplore.exe 1 51 2->6         started        process3 process4 8 iexplore.exe 2 48 6->8         started        dnsIp5 14 cdnjs.cloudflare.com 104.16.18.94, 443, 49717, 49718 CLOUDFLARENETUS United States 8->14 16 stackpath.bootstrapcdn.com 8->16 18 4 other IPs or domains 8->18 12 C:\Users\user\AppData\Local\...\index[1].html, HTML 8->12 dropped file6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.16.18.94
 unknown United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
cdnjs.cloudflare.com 104.16.18.94 true
stackpath.bootstrapcdn.com unknown unknown
ka-f.fontawesome.com unknown unknown
code.jquery.com unknown unknown
kit.fontawesome.com unknown unknown
maxcdn.bootstrapcdn.com unknown unknown