Source: https://nimbusweb.me/s/share/5487165/gpvilg008fxq3oxcr6eh | SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering |
Source: Yara match | File source: 13099.pages.csv, type: HTML |
Source: https://www.facebook.com/nimbuswebme | HTTP Parser: No <meta name="author".. found |
Source: https://nimbusweb.co/contact.php | HTTP Parser: No <meta name="author".. found |
Source: https://twitter.com/nimbuswebinc | HTTP Parser: No <meta name="author".. found |
Source: https://www.facebook.com/nimbuswebme | HTTP Parser: No <meta name="copyright".. found |
Source: https://nimbusweb.co/contact.php | HTTP Parser: No <meta name="copyright".. found |
Source: https://twitter.com/nimbuswebinc | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic |
Source: unknown | HTTPS traffic detected: 13.224.193.106:443 -> 192.168.2.5:49724 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49729 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49730 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49776 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49777 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 185.60.216.19:443 -> 192.168.2.5:49823 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 185.60.216.19:443 -> 192.168.2.5:49824 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 185.60.216.19:443 -> 192.168.2.5:49825 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 185.60.216.19:443 -> 192.168.2.5:49826 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.5:49828 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.5:49827 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 157.240.20.19:443 -> 192.168.2.5:49829 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 157.240.20.19:443 -> 192.168.2.5:49830 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 185.60.216.35:443 -> 192.168.2.5:49833 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.129:443 -> 192.168.2.5:49850 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.194:443 -> 192.168.2.5:49862 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.197:443 -> 192.168.2.5:49869 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.194:443 -> 192.168.2.5:49876 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 152.199.21.141:443 -> 192.168.2.5:49879 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49887 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49890 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49886 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49885 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49888 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49889 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49896 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.43.131:443 -> 192.168.2.5:49897 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.194:443 -> 192.168.2.5:49952 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 104.244.42.194:443 -> 192.168.2.5:49957 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected:
GET /index.php HTTP/1.1
Host: nimbusweb.co
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected:
GET /nimbuswebinc HTTP/1.1
Host: twitter.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9 |
Source: Current Session.0.dr | String found in binary or memory: "$https://www.facebook.com/nimbuswebme equals www.facebook.com (Facebook) |
Source: Current Session.0.dr | String found in binary or memory: "$https://www.facebook.com/nimbuswebme` equals www.facebook.com (Facebook) |
Source: Reporting and NEL.1.dr | String found in binary or memory: #chttpswww.facebook.com equals www.facebook.com (Facebook) |
Source: Current Session.0.dr | String found in binary or memory: $https://www.facebook.com/nimbuswebme equals www.facebook.com (Facebook) |
Source: Network Action Predictor-journal.0.dr | String found in binary or memory: -www.facebook.com equals www.facebook.com (Facebook) |
Source: Network Action Predictor-journal.0.dr | String found in binary or memory: -www.facebook.com- equals www.facebook.com (Facebook) |
Source: Network Action Predictor-journal.0.dr | String found in binary or memory: -www.facebook.com5i\ equals www.facebook.com (Facebook) |
Source: Network Action Predictor.0.dr | String found in binary or memory: -www.facebook.comSQLite format 3 equals www.facebook.com (Facebook) |
Source: 19f8ccd1b7eba916_1.0.dr | String found in binary or memory: < http://www.twitter.com/adspolicy equals www.twitter.com (Twitter) |
Source: 2cc80dabc69f58b6_0.0.dr | String found in binary or memory:
HTTP/1.1 200
status: 200
date: Wed, 12 May 2021 18:00:57 GMT
etag: W/"4ece-vZ3ika/mr7sCVwj6KGParT5tMLY"
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_devel
content-type: application/javascript; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Wed, 12 May 2021 18:00:57 GMT
content-length: 3133
x-frame-options: DENY
content-encoding: gzip
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy:
  connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ;
  default-src 'self';
  form-action 'self' https://twitter.com https://*.twitter.com;
  font-src 'self' https://*.twimg.com;
  frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ;
  img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com;
  manifest-src 'self';
  media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akam |
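The indicator lines above are a flattened export: every record has the shape `Source: ... | indicator |`, the two HTTP requests have their headers run together (`nimbusweb.coConnection:`), and the last record carries a complete Content-Security-Policy. The Python below is an added example, not part of the sandbox report or of any vendor's tooling: it parses such records into the SlashNext verdict, the remote TLS endpoints and the HTTP hosts, re-splits the glued request headers, and evaluates a CSP value for the fallback and unsafe-source checks a reviewer does first (a missing `script-src` inherits `default-src`, as in the captured policy). The header-name list, the sample report text and the abridged CSP constant are constructed from the lines on this page; the `'*'` marker for an unrestricted directive is this example's own convention.

```python
"""Parse flattened sandbox indicator lines into IOCs and review a CSP value."""
import re
from collections import Counter

# Constructed sample: records copied from the report above, in its own format.
SAMPLE_REPORT = """\
Source: https://nimbusweb.me/s/share/5487165/gpvilg008fxq3oxcr6eh | SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering |
Source: unknown | HTTPS traffic detected: 13.224.193.106:443 -> 192.168.2.5:49724 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49729 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 54.173.51.37:443 -> 192.168.2.5:49730 version: TLS 1.2 |
Source: global traffic | HTTP traffic detected: GET /index.php HTTP/1.1Host: nimbusweb.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /nimbuswebinc HTTP/1.1Host: twitter.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9 |
"""

# Abridged from the content-security-policy header in the report (source lists shortened).
SAMPLE_CSP = ("connect-src 'self' blob: https://api.twitter.com; default-src 'self'; "
              "form-action 'self' https://twitter.com https://*.twitter.com; "
              "font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com; "
              "img-src 'self' blob: data: https://*.twimg.com; manifest-src 'self'; "
              "media-src 'self' blob: https://twitter.com")

INDICATOR_RE = re.compile(r"^Source:\s*(?P<source>.*?)\s*\|\s*(?P<indicator>.*?)\s*\|?\s*$")
VERDICT_RE = re.compile(r"SlashNext: detection (?P<verdict>\w+), Label: (?P<label>.*?) type: (?P<type>.*)")
TLS_RE = re.compile(r"HTTPS traffic detected: (?P<rip>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+) -> "
                    r"(?P<lip>\d{1,3}(?:\.\d{1,3}){3}):(?P<lport>\d+) version: (?P<ver>.+)")
HTTP_REQ_RE = re.compile(r"HTTP traffic detected: (?P<req>[A-Z]+ \S+ HTTP/\d\.\d.*)")

# The export glued each header onto the previous value, so the request is re-split in
# front of the header names seen in this report. Heuristic for the flattened format,
# not a general HTTP parser (assumption: these are the only headers present).
KNOWN_HEADERS = ("Host", "Connection", "Upgrade-Insecure-Requests", "User-Agent",
                 "Accept", "Accept-Encoding", "Accept-Language")
HEADER_SPLIT_RE = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, KNOWN_HEADERS)))


def parse_flattened_request(req: str) -> dict:
    """'GET /x HTTP/1.1Host: a.bConnection: keep-alive' -> method, path, version, headers."""
    parts = HEADER_SPLIT_RE.split(req)
    method, path, version = parts[0].strip().split(" ", 2)
    headers = {}
    for part in parts[1:]:
        name, _, value = part.partition(": ")
        headers[name] = value.strip()
    return {"method": method, "path": path, "version": version, "headers": headers}


def summarize(report: str) -> dict:
    """Collect verdicts, remote TLS endpoints (server side is on the left) and requests."""
    verdicts, endpoints, requests = [], Counter(), []
    for raw in report.splitlines():
        m = INDICATOR_RE.match(raw.strip())
        if not m:
            continue
        source, indicator = m["source"], m["indicator"]
        if v := VERDICT_RE.search(indicator):
            verdicts.append({"url": source, **v.groupdict()})
        elif t := TLS_RE.search(indicator):
            endpoints[f"{t['rip']}:{t['rport']}"] += 1
        elif h := HTTP_REQ_RE.search(indicator):
            requests.append(parse_flattened_request(h["req"]))
    return {"verdicts": verdicts,
            "remote_endpoints": dict(endpoints),
            "http_hosts": sorted({r["headers"].get("Host", "") for r in requests}),
            "requests": requests}


def parse_csp(policy: str) -> dict:
    """Split a CSP value into {directive: [source, ...]}; directives are ';'-separated."""
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_sources(directives: dict, name: str) -> list:
    """A fetch directive absent from the policy inherits default-src.
    With neither present nothing is restricted; '*' is this example's marker for that."""
    if name in directives:
        return directives[name]
    return directives.get("default-src", ["*"])


def csp_findings(policy: str) -> list:
    """First-pass CSP review: script/object sources and form-action. Empty list = clean."""
    d = parse_csp(policy)
    findings = []
    for name in ("script-src", "object-src"):
        srcs = effective_sources(d, name)
        if "*" in srcs:
            findings.append(f"{name} unrestricted")
        if "'unsafe-inline'" in srcs:
            findings.append(f"{name} allows 'unsafe-inline'")
        if "'unsafe-eval'" in srcs:
            findings.append(f"{name} allows 'unsafe-eval'")
    if "form-action" not in d:
        findings.append("form-action missing (forms may post anywhere)")
    return findings


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    print(effective_sources(parse_csp(SAMPLE_CSP), "script-src"), csp_findings(SAMPLE_CSP))
```

Running it on the constructed sample lists the single SlashNext verdict, two remote endpoints (one of them contacted twice), the hosts `nimbusweb.co` and `twitter.com`, and shows that the captured policy restricts scripts to `'self'` through `default-src` and raises no first-pass findings; a `form-action` directive matters for a fake-login page because it bounds where credentials can be posted.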