Windows Analysis Report https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1

Overview

General Information

Sample URL: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1
Analysis ID: 510504
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Invalid 'forgot password' link found
HTML body contains low number of good links
HTML title does not match URL
Invalid T&C link found

Classification

AV Detection:

barindex
Antivirus detection for URL or domain
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t Avira URL Cloud: Label: phishing

Phishing:

barindex
Yara detected HtmlPhish10
Source: Yara match File source: 016477.pages.csv, type: HTML
Source: Yara match File source: 016477.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\index[1].htm, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com Matcher: Template: microsoft matched
Invalid 'forgot password' link found
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Forgot my password
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Forgot my password
HTML body contains low number of good links
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Number of links: 0
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Title: Sign in to Outlook does not match URL
Invalid T&C link found
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Terms of use
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Privacy & cookies
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Terms of use
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: Invalid link: Privacy & cookies
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: No <meta name="author".. found
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: No <meta name="author".. found
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: No <meta name="copyright".. found
Source: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 18.192.226.97:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.226.97:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.175.102.136:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.175.102.136:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.95.148.134:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.95.148.134:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: linkprotect.cudasvc.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: global traffic HTTP traffic detected: GET /url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: linkprotect.cudasvc.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET //Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.ismyrotaryclub.org
Source: global traffic HTTP traffic detected: GET /?af=am1lcmNpZXJAbXVyZXhsdGQuY29t HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: 1n0w8.codesandbox.io
Source: global traffic HTTP traffic detected: GET /public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29tAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: codesandbox.ioConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /static/js/banner.be879265d.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29tAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: codesandbox.ioConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /beacon.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29tAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: static.cloudflareinsights.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /index.html HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29tAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.htmlAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.comAccept-Encoding: gzip, deflateHost: cdnjs.cloudflare.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: 6X6C9PT58WZJWXD9x-amz-id-2: oSJptkmAodk2dxbT6ds5z/3J/ijJqaA6r1XZl0CgdI9fpM5nGl1fDjUczSKMbYhKdA9B8vaLmMw=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Wed, 27 Oct 2021 18:57:29 GMTServer: AmazonS3Connection: close
Source: {26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat.2.dr String found in binary or memory: https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t
Source: index[1].htm.3.dr String found in binary or memory: https://beatitbar.com/wp-content/plugins/fatboyoffice/call.php?u=
Source: index[1].htm.3.dr String found in binary or memory: https://beatitbar.com/wp-content/plugins/fatboyoffice/clearbit.php?d=
Source: index[1].htm.3.dr String found in binary or memory: https://beatitbar.com/wp-content/plugins/fatboyoffice/rcform.php
Source: index[1].htm.3.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Source: banner.be879265d[1].js.3.dr String found in binary or memory: https://codesandbox.io/
Source: DFGA14QX.htm.3.dr String found in binary or memory: https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js
Source: DFGA14QX.htm.3.dr String found in binary or memory: https://codesandbox.io/static/js/banner.be879265d.js
Source: {26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat.2.dr String found in binary or memory: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html
Source: DFGA14QX.htm.3.dr String found in binary or memory: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#
Source: {26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat.2.dr String found in binary or memory: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier
Source: ~DF75153F92E31AE6D4.TMP.2.dr, {26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat.2.dr String found in binary or memory: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#mercier
Source: {26C0008E-37A3-11EC-90E9-ECF4BB862DED}.dat.2.dr String found in binary or memory: https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html:
Source: index[1].htm.3.dr String found in binary or memory: https://portal.office.com/servicestatus
Source: DFGA14QX.htm.3.dr String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js
Source: unknown HTTPS traffic detected: 18.192.226.97:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.192.226.97:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.175.102.136:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.175.102.136:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.22.207:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.95.65:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.95.148.134:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.95.148.134:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFF890F1947A547B5C.TMP Jump to behavior
Source: classification engine Classification label: mal60.phis.win@3/12@8/6
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6688 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6688 CREDAT:17410 /prefetch:2 Jump to behavior
Source: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1 Joe Sandbox Cloud Basic: Detection: clean Score: 0 Perma Link
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 510504 URL: https://linkprotect.cudasvc... Startdate: 27/10/2021 Architecture: WINDOWS Score: 60 15 favicon.ico 2->15 23 Antivirus detection for URL or domain 2->23 25 Yara detected HtmlPhish10 2->25 27 Phishing site detected (based on logo template match) 2->27 7 iexplore.exe 2 61 2->7         started        signatures3 process4 process5 9 iexplore.exe 2 37 7->9         started        dnsIp6 17 ismyrotaryclub.org 184.175.102.136, 443, 49743, 49744 CYBERCONUS United States 9->17 19 cdnjs.cloudflare.com 104.16.18.94, 443, 49753, 49754 CLOUDFLARENETUS United States 9->19 21 7 other IPs or domains 9->21 13 C:\Users\user\AppData\Local\...\index[1].htm, HTML 9->13 dropped file7
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
184.175.102.136
 ismyrotaryclub.org United States
7393 CYBERCONUS false
104.18.22.207
 1n0w8.codesandbox.io United States
13335 CLOUDFLARENETUS false
52.95.148.134
 s3-r-w.eu-west-2.amazonaws.com United States
16509 AMAZON-02US false
18.192.226.97
 linkprotect.cudasvc.com United States
16509 AMAZON-02US false
104.16.18.94
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
104.16.95.65
 static.cloudflareinsights.com United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
1n0w8.codesandbox.io 104.18.22.207 true
static.cloudflareinsights.com 104.16.95.65 true
codesandbox.io 104.18.22.207 true
cdnjs.cloudflare.com 104.16.18.94 true
ismyrotaryclub.org 184.175.102.136 true
s3-r-w.eu-west-2.amazonaws.com 52.95.148.134 true
linkprotect.cudasvc.com 18.192.226.97 true
kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com unknown unknown
www.ismyrotaryclub.org unknown unknown
favicon.ico unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.ismyrotaryclub.org%2f%2fClick%2f%3f_uid%3d800004603%26_ctid%3d1972187%26redirect%3dhttps%3a%2f%2f1n0w8.codesandbox.io%2f%3faf%3dam1lcmNpZXJAbXVyZXhsdGQuY29t&c=E,1,33KLss3YzRWhFedSrTUVgatC3BBMx2L-L4e7_qZWgR8ttsvQZbCsR6smducdjsRz-uGYCcQc5RJAZdgfM9YfGqlADpHhdxTFS_EgtztnR08wn2_60sAU2Wi-&typo=1 false
    		unknown
    https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js false
      		high
      https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js false
        		high
        https://www.ismyrotaryclub.org//Click/?_uid=800004603&_ctid=1972187&redirect=https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t false
        • Avira URL Cloud: phishing
        		 unknown
        https://codesandbox.io/static/js/banner.be879265d.js false
          		high
          https://1n0w8.codesandbox.io/?af=am1lcmNpZXJAbXVyZXhsdGQuY29t false
            		high
            https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/favicon.ico false
              		high
              https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html#jmercier@murexltd.com false
              • SlashNext: Fake Login Page type: Phishing & Social Engineering
              		 high
              https://kjkrewm-oer84593-nmdfjhplq.s3.eu-west-2.amazonaws.com/index.html false
                		high
                https://static.cloudflareinsights.com/beacon.min.js false
                • URL Reputation: safe
                		 unknown