
https://thechurchofgameology.com/cda-file/New/Error.php

Status: finished
Submission Time: 2020-10-19 10:10:11 +02:00
Verdict: Malicious
Labels: Phishing, HTMLPhisher

Details

  • Analysis ID:
    299953
  • API (Web) ID:
    495059
  • Analysis Started:
    2020-10-19 10:12:36 +02:00
  • Analysis Finished:
    2020-10-19 10:18:15 +02:00
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines: malicious

IPs

IP               Country
13.226.156.15    United States
13.226.156.55    United States
18.197.29.67     United States
13.226.156.114   United States
104.16.83.55     United States
104.18.70.113    United States
108.177.126.156  United States
35.177.140.193   United States
148.72.23.163    United States

Domains

Name                               IP
dfnmgvgrju45s.cloudfront.net       13.226.156.114
stats.l.doubleclick.net            108.177.126.156
d1piuc6mf7ro4.cloudfront.net       13.226.156.15
cf.zdassets.com                    104.18.70.113
widget-mediator.zopim.com          18.197.29.67
thechurchofgameology.com           148.72.23.163
d2tf7t5wbettnq.cloudfront.net      13.226.156.55
external.pol.prod.a.ddy.systems    35.177.140.193
v2.zopim.com                       104.16.83.55
js-agent.newrelic.com              0.0.0.0
auth.myprofile.postoffice.co.uk    0.0.0.0
stats.g.doubleclick.net            0.0.0.0
static.zdassets.com                0.0.0.0
myprofile.postoffice.co.uk         0.0.0.0
ekr.zdassets.com                   0.0.0.0
bam-cell.nr-data.net               0.0.0.0
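The Domains table above mixes three kinds of host: the server that actually serves the phishing page (thechurchofgameology.com), the impersonated brand's own hosts (myprofile.postoffice.co.uk, whose logo, background and sign_in assets the page pulls in), and shared CDN, chat-widget and telemetry endpoints (CloudFront, Zendesk/Zopim, DoubleClick, New Relic). Feeding the whole table into a blocklist would block the brand and a lot of unrelated sites. The script below is an added example, not part of the Joe Sandbox report: it parses the Domains table exactly as it appears on the page (including the "Click to see ..." widget line and the 0.0.0.0 placeholders) and sorts hosts into block / skip / review buckets. The impersonated-brand domain and the shared-suffix list are assumptions made for this example.

```python
"""Triage a sandbox report's Domains table into a blocklist.

Added example, not code from the Joe Sandbox report. The input string is the
report's own Domains table pasted verbatim (constructed here inline so the
script runs offline). Brand and shared-suffix lists are assumptions.
"""
import re
from urllib.parse import urlsplit

SUBMITTED_URL = "https://thechurchofgameology.com/cda-file/New/Error.php"

# Assumption: the page impersonates Post Office, inferred from the
# logo_postoffice / postoffice-background2 / sign_in assets it loads.
IMPERSONATED_BRAND = "postoffice.co.uk"

# Assumption: shared CDN / SaaS / telemetry suffixes that legitimate sites
# use too. Blocking these breaks unrelated sites, so they are never emitted.
SHARED_SUFFIXES = ("cloudfront.net", "doubleclick.net", "zdassets.com",
                   "zopim.com", "newrelic.com", "nr-data.net")

# Constructed input: the Domains table as rendered on the report page.
DOMAINS_TEXT = """Name IP Detection
dfnmgvgrju45s.cloudfront.net
13.226.156.114
stats.l.doubleclick.net
108.177.126.156
d1piuc6mf7ro4.cloudfront.net
13.226.156.15
Click to see the 13 hidden entries
cf.zdassets.com
104.18.70.113
widget-mediator.zopim.com
18.197.29.67
thechurchofgameology.com
148.72.23.163
d2tf7t5wbettnq.cloudfront.net
13.226.156.55
external.pol.prod.a.ddy.systems
35.177.140.193
v2.zopim.com
104.16.83.55
js-agent.newrelic.com
0.0.0.0
auth.myprofile.postoffice.co.uk
0.0.0.0
stats.g.doubleclick.net
0.0.0.0
static.zdassets.com
0.0.0.0
myprofile.postoffice.co.uk
0.0.0.0
ekr.zdassets.com
0.0.0.0
bam-cell.nr-data.net
0.0.0.0
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_domains(text):
    """Pair each hostname line with the IPv4 line that follows it.

    The header and the 'Click to see ...' widget line are skipped. A 0.0.0.0
    entry means the report recorded no resolution, so the IP becomes None.
    """
    rows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Click to see") or line == "Name IP Detection":
            continue
        if IPV4.match(line):
            if pending is not None:
                rows.append((pending, None if line == "0.0.0.0" else line))
                pending = None
        else:
            pending = line.lower()
    return rows


def _under(host, suffix):
    return host == suffix or host.endswith("." + suffix)


def classify(host):
    """Bucket a host: the submitted site, the brand, shared infra, or unknown."""
    if _under(host, urlsplit(SUBMITTED_URL).hostname):
        return "phishing-host"
    if _under(host, IMPERSONATED_BRAND):
        return "impersonated-brand"
    if any(_under(host, s) for s in SHARED_SUFFIXES):
        return "shared-infrastructure"
    return "review"


def build_blocklist(text):
    """Return hosts safe to block, candidate IPs, and everything skipped."""
    result = {"block_hosts": [], "candidate_ips": [],
              "skipped": {"impersonated-brand": [], "shared-infrastructure": [], "review": []}}
    for host, ip in parse_domains(text):
        cat = classify(host)
        if cat == "phishing-host":
            result["block_hosts"].append(host)
            # Hosting IPs are frequently shared (virtual hosting), so an IP
            # is only a candidate; confirm it is dedicated before blocking.
            if ip:
                result["candidate_ips"].append(ip)
        else:
            result["skipped"][cat].append(host)
    return result


if __name__ == "__main__":
    for key, value in build_blocklist(DOMAINS_TEXT).items():
        print(key, value)
```

Run as-is it emits one host to block, one candidate IP, and puts external.pol.prod.a.ddy.systems in the review bucket because it matches neither the brand nor a known shared suffix; that bucket is where an analyst's attention goes, not the twelve CDN and telemetry hosts.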

URLs

Name
https://thechurchofgameology.com/cda-file/New/Error.php(Log
https://thechurchofgameology.com/cda-file/New/Error.php#contentoudfront.net/assets/branding/pol/favi
https://thechurchofgameology.com/cda-file/New/Error.php
https://thechurchofgameology.com/cda-file/New/Error.php#content
https://myprofile.postoffice.co.uk/contact_info
https://auth.myprofile.postoffice.co.uk/sign_in?contrast=switch
https://thechurchofgameology.com/cda-file/New/Error.phpRoot
https://auth.myprofile.postoffice.co.uk/sign_in
https://auth.myprofile.postoffice.co.uk/sign_in?contrast=switch&contrast=switch
https://www.zendesk.
http://jquery.org/license
https://thechurcheology.com/cda-file/New/Error.phpRoot
https://use.typekit.net
https://bugs.webkit.org/show_bug.cgi?id=136851
http://sizzlejs.com/
https://auth.myprofile
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/logo_postoffice-fe4a47829c4c284bebe7594b3857017
https://v2.zopim.com/widget/sounds
https://dfnmgvgrju45s.cloudfront.net/assets/branding/pol/safari-pinned-tab-5ac74b83798429dfaa0a526fa
https://bugzilla.mozilla.org/show_bug.cgi?id=491668
https://www.zopim.com/auth/$NAME/$KEY-$MID
https://github.com/jquery/sizzle/pull/225
https://github.com/rails/jquery-ujs
https://www.zopim.com/privacy#cookie
https://d1piuc6mf7ro4.cloudfront.net/assets/application-5a56e54ee86d540f75ce68545f8bfc6c3db70716e884
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://auth.myprofile.postoffice.co.uk/sign_in(Log
https://github.com/jquery/jquery/pull/557)
https://getbootstrap.com/)
https://dfnmgvgrju45s.cloudfront.net/assets/application_pol-90e2e6f7e99a283ff4ca98fc713a9700d7d24e99
https://myprofile.postoffice.co.uk/contact_infocontrast=switch
https://github.com/silviomoreto/bootstrap-select/blob/master/LICENSE)
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
https://dfnmgvgrju45s.cloudfront.net/assets/branding/pol/favicon-8358d52b4ba2d53af53c83d416e8e10283f
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/pol/safari-pinned-tab-5ac74b83798429dfaa0a526fa
http://api.zopim.com/
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/pol/favicon-32x32-29bf7d25c0fd77d051974b320756f
https://d2tf7t5wbettnq.cloudfront.net/eeecb4bb-cbcc-48e6-92e8-e1f7f4dac7ee-postoffice-background2.jp
https://getbootstrap.com/docs/3.4/javascript/#alerts
https://www.postoffice.co.uk/contact-us
https://getbootstrap.com/docs/3.4/javascript/#affix
https://auth.myprofile.postoffice.co.uk/sign_inror.php#contentoudfront.net/assets/branding/pol/favic
https://dfnmgvgrju45s.cloudfront.net/assets/branding/pol/apple-touch-icon-18bd968e650780527c4ab853f7
https://getbootstrap.com/docs/3.4/javascript/#buttons
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
http://jsperf.com/getall-vs-sizzle/2
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/pol/favicon-8358d52b4ba2d53af53c83d416e8e10283f
https://www.postoffice.co.uk/myaccount/account
https://html.spec.whatwg.org/#strip-and-collapse-whitespace
https://d1piuc6mf7ro4.cloudfront.net/assets/application_pol-7fadf2bc209737dcd407e2585571686a2c80b4f2
https://getbootstrap.com/docs/3.4/javascript/#carousel
https://bugs.webkit.org/show_bug.cgi?id=29084
https://twitter.com/messages/compose?recipient_id=
https://github.com/krux/postscribe/blob/master/LICENSE.
https://dfnmgvgrju45s.cloudfront.net/assets/respond.min-3fca2ee5e635adc590683142c60af7c9209aff5f828a
https://blog.alexmaccaw.com/css-transitions
https://bugzilla.mozilla.org/show_bug.cgi?id=687787
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
https://github.com/twbs/bootstrap/issues/14093
http://zop.im/prem-offline-form
https://myprofile.postoffice.co.uk/contact_info?contrast=switch
http://dev.w3.org/csswg/cssom/#resolved-values
https://thechurch.postoffice.co.uk/sign_in?contrast=switchRoot
https://dfnmgvgrju45s.cloudfront.net/assets/branding/logo_postoffice-fe4a47829c4c284bebe7594b3857017
https://auth.myprofile.postoffice.co.uk/sign_in?contrast=switch(Log
https://www.postoffice.co.uk/contact-us/
https://thechurch.postoffice.co.uk/sign_inror.php#contentRoot
https://getbootstrap.com/docs/3.4/javascript/#popovers
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/pol/favicon-16x16-2d6222eaa0e50664fb9b2bc07c339
http://bit.ly/raven-secret-key
https://www.zendesk.com/privacy
https://thechurchoffice.co.uk/contact_infocontrast=switchRoot
https://thechurcheology.com/cda-file/New/Error.php#contentRoot
http://fontawesome.io
https://github.com/twbs/bootstrap/issues/20280
https://developer.mozilla.org/en/Security/CSP)
https://dfnmgvgrju45s.cloudfront.net/assets/branding/pol/favicon-32x32-29bf7d25c0fd77d051974b320756f
https://developer.mozilla.org/en-US/docs/CSS/display
https://getbootstrap.com/docs/3.4/javascript/#collapse
https://www.zopim.com
https://dfnmgvgrju45s.cloudfront.net/assets/branding/pol/favicon-16x16-2d6222eaa0e50664fb9b2bc07c339
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
https://ekr.zdassets.com/compose_product/zopim_chat/abc123?deprecated_features=true
https://getbootstrap.com/docs/3.4/javascript/#modals
https://developer.mozilla.org/en-US/docs/Using_Firefox_1.5_caching
https://getbootstrap.com/docs/3.4/javascript/#scrollspy
https://d1piuc6mf7ro4.cloudfront.net/assets/branding/pol/site-7859f856bcb07813992135c4ee8a9a657c0ca3
https://getbootstrap.com/docs/3.4/javascript/#tooltip
https://bugzilla.mozilla.org/show_bug.cgi?id=649285
https://www.zendesk.com/embeddables/?utm_source=webwidgetchat&utm_medium=poweredbyzendesk&utm_campai
http://bugs.jquery.com/ticket/12359
http://silviomoreto.github.io/bootstrap-select)
https://github.com/jquery/jquery/pull/764
https://getbootstrap.com/docs/3.4/javascript/#transitions
https://github.com/rails/sprockets#sprockets-directives)
https://myprofile.post

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Error[1].htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NRJS-7bc6d3b14d5ba545792[1].js
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\eeecb4bb-cbcc-48e6-92e8-e1f7f4dac7ee-postoffice-background2[1].jpg
    [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 2500x1602, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon-32x32-29bf7d25c0fd77d051974b320756ffadc6377672c38352b456cc5d81de75e1f8[1].png
    PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ProbaPro-Italic-6e53e190b7e8ce10b18a9cabf913fcde21ed6658d29824b983de7109cc72a93b[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ProbaPro-Medium-e037e3b2ffcdf5afd556b4776251026be6f7f69dd8948408f73077fe05be8d77[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ProbaPro-Regular-d2e3f1204c73fba7806a19c43f5ab19877e836dc75ff9b631d00e39db3408cea[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\application-5a56e54ee86d540f75ce68545f8bfc6c3db70716e884492f08de6a45730a0bf6[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\application_pol-7fadf2bc209737dcd407e2585571686a2c80b4f2ac6c2acf8f6dc9b54735ff65[1].css
    UTF-8 Unicode (with BOM) text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon-32x32-29bf7d25c0fd77d051974b320756ffadc6377672c38352b456cc5d81de75e1f8[1].png
    PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fontawesome-webfont-7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979[1].eot
    Embedded OpenType (EOT), FontAwesome family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\2WGlugEHgFmrrwWlg64YMgqz2UEQeOt7[1].json
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Error[1].htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ProbaPro-SemiBold-648002088dd990e2cbfe342a450b4d4abd8c28f92c101d91be800ca871f94543[2].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ProbaPro-Italic-6e53e190b7e8ce10b18a9cabf913fcde21ed6658d29824b983de7109cc72a93b[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ProbaPro-Medium-e037e3b2ffcdf5afd556b4776251026be6f7f69dd8948408f73077fe05be8d77[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ProbaPro-SemiBold-648002088dd990e2cbfe342a450b4d4abd8c28f92c101d91be800ca871f94543[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\asset_composer[1].js
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\fontawesome-webfont-7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979[1].eot
    Embedded OpenType (EOT), FontAwesome family
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\logo_postoffice-fe4a47829c4c284bebe7594b38570178841c182def7d46aa844bb417ef5ad9cc[1].svg
    SVG Scalable Vector Graphics image
C:\Users\user\AppData\Local\Temp\~DF10DEBF217825A1B1.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF95B4A9FD3993CF1A.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFBA1AC5A98B050923.TMP
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fontawesome-webfont-7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979[1].eot
    Embedded OpenType (EOT), FontAwesome family
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5F0B657-11E2-11EB-90EB-ECF4BBEA1588}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5F0B659-11E2-11EB-90EB-ECF4BBEA1588}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F5F0B65A-11E2-11EB-90EB-ECF4BBEA1588}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ProbaPro-Medium-e037e3b2ffcdf5afd556b4776251026be6f7f69dd8948408f73077fe05be8d77[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ProbaPro-Regular-d2e3f1204c73fba7806a19c43f5ab19877e836dc75ff9b631d00e39db3408cea[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\application_pol-90e2e6f7e99a283ff4ca98fc713a9700d7d24e99cd6a655aab784cf0662708d3[1].css
    UTF-8 Unicode (with BOM) text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\branded-2be6a9099671c3fd44fd386bcb767a443fe7d93189a421ce51f508b55290690e[1].js
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\collect[1].gif
    GIF image data, version 89a, 1 x 1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\contact_info[1].htm
    HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\myprofile.postoffice.co[1].xml
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\gtm[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo_postoffice-fe4a47829c4c284bebe7594b38570178841c182def7d46aa844bb417ef5ad9cc[1].svg
    SVG Scalable Vector Graphics image
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nr-1184.min[1].js
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sign_in[1].htm
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sign_in[2].htm
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\widget_v2.329[1].js
    UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ProbaPro-Italic-6e53e190b7e8ce10b18a9cabf913fcde21ed6658d29824b983de7109cc72a93b[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ProbaPro-Regular-d2e3f1204c73fba7806a19c43f5ab19877e836dc75ff9b631d00e39db3408cea[1].otf
    OpenType font data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ProbaPro-SemiBold-648002088dd990e2cbfe342a450b4d4abd8c28f92c101d91be800ca871f94543[1].otf
    OpenType font data