Windows Analysis Report https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E,1,CGwy269fqEdis4zLq70Us0gFSsYJjbjhi_GiMYHnlRZj_HSpD7ZJLkeDvqcLZY5oWUGF9CTkD2PCF1bkYutrdhOa3W8aURgdCoy4cmWPO-hoLkJ4ulrHbA,,&typo=1

Overview

General Information

Sample URL: https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E,1,CGwy269fqEdis4zLq70Us0gFSsYJjbjhi_GiMYHnlRZj_HSpD7ZJLkeDvqcLZY5oWUGF9CTkD2PCF1bkYutrdhOa3W8aURgdCoy4cmWPO-hoLkJ4ulrHbA,,&typo=1
Analysis ID: 491704
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on shot template match)
Yara detected HtmlPhish7
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found

Classification

AV Detection:

barindex
Antivirus detection for URL or domain
Source: https://atlanticcomfort.dorik.io/ SlashNext: Label: Fake Login Page type: Phishing & Social usering

Phishing:

barindex
Phishing site detected (based on shot template match)
Source: https://stamvifordsgct.top/pakl/adobe2020/ Matcher: Template: office matched
Yara detected HtmlPhish7
Source: Yara match File source: 56049.1.pages.csv, type: HTML
Yara detected HtmlPhish10
Source: Yara match File source: 56049.1.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://stamvifordsgct.top/pakl/adobe2020/ Matcher: Found strong image similarity, brand: Microsoft image: 56049.1.img.4.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://stamvifordsgct.top/pakl/adobe2020/ Matcher: Found strong image similarity, brand: Microsoft image: 56049.1.img.5.gfk.csv FE22440D79FFA34950F512EF4A718B2A
HTML body contains low number of good links
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: Number of links: 0
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: Number of links: 0
No HTML title found
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: HTML title missing
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: HTML title missing
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: No <meta name="author".. found
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: No <meta name="author".. found
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: No <meta name="copyright".. found
Source: https://stamvifordsgct.top/pakl/adobe2020/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 104.219.248.46:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: global traffic HTTP traffic detected: GET /url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E,1,CGwy269fqEdis4zLq70Us0gFSsYJjbjhi_GiMYHnlRZj_HSpD7ZJLkeDvqcLZY5oWUGF9CTkD2PCF1bkYutrdhOa3W8aURgdCoy4cmWPO-hoLkJ4ulrHbA,,&typo=1 HTTP/1.1Host: linkprotect.cudasvc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: atlanticcomfort.dorik.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6151e5833eb7a900117248ca/css/index.css?v=55f53aa0b8edb906abe58e9ac6229f170dfd6988 HTTP/1.1Host: cdn.dorik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://atlanticcomfort.dorik.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6144cea3898d820011339fe9/6151e5833eb7a900117248ca/images/Invoice_FIle_1-(37).pdf_5ujctja8.png HTTP/1.1Host: cdn.dorik.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://atlanticcomfort.dorik.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: atlanticcomfort.dorik.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://atlanticcomfort.dorik.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020 HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/ HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/css/hover.css HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://stamvifordsgct.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://stamvifordsgct.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/outlook1.png HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/adobe.jpg HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/office3651.png HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/other1.png HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/gmail.png HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://stamvifordsgct.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/images/8.jpg HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1Host: shopget24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stamvifordsgct.top/pakl/adobe2020/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: shopget24.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: atlanticcomfort.dorik.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pakl/adobe2020/ HTTP/1.1Host: stamvifordsgct.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1Host: shopget24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: shopget24.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Etag: "qqjh8u1aqx"Referrer-Policy: no-referrer-when-downgradeServer: CaddyStrict-Transport-Security: max-age=301X-Content-Type-Options: nosniffDate: Mon, 27 Sep 2021 18:25:33 GMTConnection: closeTransfer-Encoding: chunked
Source: History.1.dr String found in binary or memory: http://atlanticcomfort.dorik.io/
Source: History.1.dr String found in binary or memory: http://atlanticcomfort.dorik.io//
Source: History Provider Cache.1.dr String found in binary or memory: http://atlanticcomfort.dorik.io/2
Source: History Provider Cache.1.dr String found in binary or memory: http://atlanticcomfort.dorik.io/2:
Source: Network Action Predictor.1.dr String found in binary or memory: http://stamvifordsgct.top/
Source: History.1.dr String found in binary or memory: http://stamvifordsgct.top/pakl/adobe2020/
Source: History.1.dr String found in binary or memory: http://stamvifordsgct.top/pakl/adobe2020/Share
Source: Reporting and NEL.3.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=LkP6T0BlHuQyrnuyqwGiWWxtT4i6ZblEyopW3Oo97x5uN95JQEm2gMK%2Bg
Source: Reporting and NEL.3.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=pYDsI99IUtRF07SVp%2BwSymWX3y50IssY6pygHLP4DVNnbcpVqUMXHP7hz
Source: Reporting and NEL.3.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=rOO74hXaiUSbFTfGwaO0fj52yEFs%2FXglquF6DAxjQyovD%2BqGGW5fPEY
Source: manifest.json0.1.dr, 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://accounts.google.com
Source: f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://ajax.googleapis.com
Source: Network Action Predictor.1.dr String found in binary or memory: https://ajax.googleapis.com/
Source: de3a06406574ae0d_0.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: 6897bb6d8ce1ed75_0.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsa
Source: 6897bb6d8ce1ed75_0.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsaD
Source: manifest.json0.1.dr, 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://apis.google.com
Source: Current Session.1.dr String found in binary or memory: https://atlanticcomfort.dorik.io/
Source: History.1.dr String found in binary or memory: https://atlanticcomfort.dorik.io//
Source: History Provider Cache.1.dr String found in binary or memory: https://atlanticcomfort.dorik.io/2
Source: History Provider Cache.1.dr String found in binary or memory: https://atlanticcomfort.dorik.io/2:
Source: 51baab93c7728d76_0.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: Network Action Predictor.1.dr String found in binary or memory: https://code.jquery.com/
Source: 35c0ec9fefd0fd98_0.1.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: 81becac078ce66fd_0.1.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.1.dr String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.3.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: Reporting and NEL.3.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, a2042573-490e-4bbf-ae10-f7572c5d78fb.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr, 2cef5409-4771-43af-a4ac-19691ff13de5.tmp.3.dr String found in binary or memory: https://dns.google
Source: manifest.json0.1.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.1.dr String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.1.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.1.dr String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.1.dr String found in binary or memory: https://hangouts.google.com/
Source: Network Action Predictor.1.dr String found in binary or memory: https://ka-f.fontawesome.com/
Source: Network Action Predictor.1.dr String found in binary or memory: https://kit.fontawesome.com/
Source: ae15d450f18bc512_0.1.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: History Provider Cache.1.dr String found in binary or memory: https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E
Source: Network Action Predictor.1.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 9c2581ec287b8e26_0.1.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://r1---sn-1gi7znes.gvt1.com
Source: f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://ssl.gstatic.com
Source: de3a06406574ae0d_0.1.dr, 35c0ec9fefd0fd98_0.1.dr String found in binary or memory: https://stamvifordsgct.top/
Source: 9c2581ec287b8e26_0.1.dr String found in binary or memory: https://stamvifordsgct.top/?;
Source: 51baab93c7728d76_0.1.dr String found in binary or memory: https://stamvifordsgct.top/N
Source: ae15d450f18bc512_0.1.dr String found in binary or memory: https://stamvifordsgct.top/i
Source: History.1.dr, Current Session.1.dr String found in binary or memory: https://stamvifordsgct.top/pakl/adobe2020
Source: Current Session.1.dr String found in binary or memory: https://stamvifordsgct.top/pakl/adobe2020/
Source: History.1.dr String found in binary or memory: https://stamvifordsgct.top/pakl/adobe2020/Share
Source: History.1.dr String found in binary or memory: https://stamvifordsgct.top/pakl/adobe2020Share
Source: messages.json83.1.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.1.dr, 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.1.dr String found in binary or memory: https://www.google.com;
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 0d4c97a2-b42c-4c7a-955f-31c7efada717.tmp.3.dr, f4de26e1-67ad-4cb9-a351-8bd3b54d6956.tmp.3.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 104.219.248.46:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\fea40df0-33de-41dd-9078-55af9cb44409.tmp Jump to behavior
Source: classification engine Classification label: mal76.phis.win@31/216@18/15
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E,1,CGwy269fqEdis4zLq70Us0gFSsYJjbjhi_GiMYHnlRZj_HSpD7ZJLkeDvqcLZY5oWUGF9CTkD2PCF1bkYutrdhOa3W8aURgdCoy4cmWPO-hoLkJ4ulrHbA,,&typo=1'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,5668093974603794416,12791446233085768486,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,5668093974603794416,12791446233085768486,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61528B26-15EC.pma Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 491704 URL: https://linkprotect.cudasvc... Startdate: 27/09/2021 Architecture: WINDOWS Score: 76 13 stamvifordsgct.top 2->13 15 shopget24.org 2->15 17 shopget24.com 2->17 31 Antivirus detection for URL or domain 2->31 33 Phishing site detected (based on shot template match) 2->33 35 Yara detected HtmlPhish10 2->35 37 2 other signatures 2->37 7 chrome.exe 14 400 2->7         started        signatures3 process4 dnsIp5 19 192.168.2.1 unknown unknown 7->19 21 192.168.2.3 unknown unknown 7->21 23 239.255.255.250 unknown Reserved 7->23 10 chrome.exe 33 7->10         started        process6 dnsIp7 25 shopget24.com 104.219.248.46, 443, 49786, 49791 NAMECHEAP-NETUS United States 10->25 27 googlehosted.l.googleusercontent.com 172.217.168.1, 443, 49764 GOOGLEUS United States 10->27 29 18 other IPs or domains 10->29
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.219.248.46
 shopget24.com United States
22612 NAMECHEAP-NETUS false
89.187.169.47
 dorikcdn.b-cdn.net Czech Republic
60068 CDN77GB false
172.217.168.46
 clients.l.google.com United States
15169 GOOGLEUS false
174.138.116.26
 atlanticcomfort.dorik.io United States
14061 DIGITALOCEAN-ASNUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
18.185.67.239
 linkprotect.cudasvc.com United States
16509 AMAZON-02US false
104.21.55.161
 stamvifordsgct.top United States
13335 CLOUDFLARENETUS false
172.217.168.1
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
172.217.168.13
 accounts.google.com United States
15169 GOOGLEUS false
104.18.11.207
 maxcdn.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.16.19.94
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private
IP
192.168.2.1
192.168.2.3
127.0.0.1

Contacted Domains

Name IP Active
gstaticadssl.l.google.com 172.217.168.67 true
a.nel.cloudflare.com 35.190.80.1 true
accounts.google.com 172.217.168.13 true
atlanticcomfort.dorik.io 174.138.116.26 true
cdnjs.cloudflare.com 104.16.19.94 true
maxcdn.bootstrapcdn.com 104.18.11.207 true
stamvifordsgct.top 104.21.55.161 true
clients.l.google.com 172.217.168.46 true
linkprotect.cudasvc.com 18.185.67.239 true
dorikcdn.b-cdn.net 89.187.169.47 true
shopget24.com 104.219.248.46 true
googlehosted.l.googleusercontent.com 172.217.168.1 true
ka-f.fontawesome.com unknown unknown
kit.fontawesome.com unknown unknown
cdn.dorik.com unknown unknown
clients2.googleusercontent.com unknown unknown
shopget24.org unknown unknown
clients2.google.com unknown unknown
code.jquery.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://cdn.dorik.com/6144cea3898d820011339fe9/6151e5833eb7a900117248ca/images/Invoice_FIle_1-(37).pdf_5ujctja8.png false
  • Avira URL Cloud: safe
 unknown
https://stamvifordsgct.top/pakl/adobe2020/images/8.jpg true
  • Avira URL Cloud: safe
 unknown
http://shopget24.com/images/sampledata/hack-run.png false
  • Avira URL Cloud: safe
 unknown
https://cdn.dorik.com/6151e5833eb7a900117248ca/css/index.css?v=55f53aa0b8edb906abe58e9ac6229f170dfd6988 false
  • Avira URL Cloud: safe
 unknown
https://stamvifordsgct.top/pakl/adobe2020/images/gmail.png true
  • Avira URL Cloud: safe
 unknown
https://shopget24.com/images/sampledata/hack-run.png false
  • Avira URL Cloud: safe
 unknown
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
    		high
    https://atlanticcomfort.dorik.io/ true
    • SlashNext: Fake Login Page type: Phishing & Social usering
    		 unknown
    https://atlanticcomfort.dorik.io/favicon.ico true
    • Avira URL Cloud: safe
    		 unknown
    http://atlanticcomfort.dorik.io/ false
    • Avira URL Cloud: safe
    		 unknown
    https://stamvifordsgct.top/pakl/adobe2020/images/other1.png true
    • Avira URL Cloud: safe
    		 unknown
    https://stamvifordsgct.top/pakl/adobe2020/css/hover.css true
    • Avira URL Cloud: safe
    		 unknown
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js false
      		high
      https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fatlanticcomfort.dorik.io%2f&c=E,1,CGwy269fqEdis4zLq70Us0gFSsYJjbjhi_GiMYHnlRZj_HSpD7ZJLkeDvqcLZY5oWUGF9CTkD2PCF1bkYutrdhOa3W8aURgdCoy4cmWPO-hoLkJ4ulrHbA,,&typo=1 false
        		unknown
        https://stamvifordsgct.top/pakl/adobe2020/images/outlook1.png true
        • Avira URL Cloud: safe
        		 unknown
        https://stamvifordsgct.top/pakl/adobe2020/ true
          		unknown
          https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
            		high
            https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
              		high
              https://a.nel.cloudflare.com/report/v3?s=pYDsI99IUtRF07SVp%2BwSymWX3y50IssY6pygHLP4DVNnbcpVqUMXHP7hzlrufOfDYod2dOcPvxl%2BK5EYbZibUDR4%2BxAr2H3TFBYso2ml4U4SvSGQPAJxnY6sGrbGlydMp4Mfqhs%3D false
                		high
                https://atlanticcomfort.dorik.io/ true
                • SlashNext: Fake Login Page type: Phishing & Social usering
                		 unknown
                https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css false
                  		high
                  https://stamvifordsgct.top/pakl/adobe2020/images/adobe.jpg true
                  • Avira URL Cloud: safe
                  		 unknown
                  https://stamvifordsgct.top/pakl/adobe2020/ true
                    		unknown
                    http://stamvifordsgct.top/pakl/adobe2020/ false
                    • Avira URL Cloud: safe
                    		 unknown
                    https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js false
                      		high
                      https://stamvifordsgct.top/favicon.ico false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://stamvifordsgct.top/pakl/adobe2020 false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://stamvifordsgct.top/pakl/adobe2020/images/office3651.png true
                      • Avira URL Cloud: safe
                      		 unknown