https://thechurchofgameology.com/cda-file/New/Error.php

Status: finished
Submission Time: 2020-10-19 10:10:11 +02:00
Malicious
Phishing
HTMLPhisher

Details

  • Analysis ID:
    299952
  • API (Web) ID:
    495058
  • Analysis Started:
    2020-10-19 10:12:16 +02:00
  • Analysis Finished:
    2020-10-19 10:17:51 +02:00
  • Technologies:

Engine

  • Engine: Joe Sandbox
  • Detection: malicious
  • Score: 68
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs


Domains


URLs


Dropped files
