Windows Analysis Report https://prismadvisoryllc.stonly.com/kb/en

Overview

General Information

Sample URL: https://prismadvisoryllc.stonly.com/kb/en
Analysis ID: 528164

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish7
Queries the volume information (name, serial number etc) of a device
No HTML title found
HTML body contains low number of good links
Sigma detected: Windows Suspicious Use Of Web Request in CommandLine

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://prismadvisoryllc.stonly.com/kb/en Avira URL Cloud: detection malicious, Label: phishing
Antivirus detection for URL or domain
Source: https://hungry-easley-21d5d2.netlify.app/M Avira URL Cloud: Label: phishing
Source: https://hungry-easley-21d5d2.netlify.app/Microsoft Avira URL Cloud: Label: phishing
Source: https://prismadvisoryllc.stonly.com/kb/en/ Avira URL Cloud: Label: phishing
Source: https://hungry-easley-21d5d2.netlify.app/favicon.icoChIKBw2DqFs9GgAKBw3OQUx6GgAKJAoHDftxkgUaAAoHDWb0 Avira URL Cloud: Label: phishing

Phishing:

Yara detected HtmlPhish7
Source: Yara match File source: 04165.2.pages.csv, type: HTML
No HTML title found
Source: https://hungry-easley-21d5d2.netlify.app/ HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://hungry-easley-21d5d2.netlify.app/ HTTP Parser: Number of links: 0
Source: https://hungry-easley-21d5d2.netlify.app/ HTTP Parser: No <meta name="author".. found
Source: https://hungry-easley-21d5d2.netlify.app/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\3560_2126252136\LICENSE.txt Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 52.47.99.247:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.47.99.247:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: global traffic HTTP traffic detected:
HTTP/1.1 404 Not Found
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=utf-8
date: Wed, 24 Nov 2021 19:16:55 GMT
etag: 1637774637-ssl
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01FN9P29PFPQJDF2KEQG19619T
age: 0
server: Netlify
transfer-encoding: chunked
Source: unknown HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: prismadvisoryllc.stonly.com
Source: global traffic HTTP traffic detected:
GET /kb/en HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
Accept: */*
Accept-Encoding: identity
Host: prismadvisoryllc.stonly.com
Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
X-Goog-Update-Updater: chromecrx-85.0.4183.121
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /static/js/bundle.8dd7f764.js HTTP/1.1
Host: stonly.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /js/widget/v2/version?v=1637813808323 HTTP/1.1
Host: stonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Origin: null
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /wp-content/uploads/voicemail-to-email-icon.png HTTP/1.1
Host: momentumtelecom.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /js/widget/v2/stonly-widget.js?v=a3015330 HTTP/1.1
Host: stonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /static/css/2.e84be7a5.chunk.css HTTP/1.1
Host: stonly.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/0.59582333.chunk.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/3.348ba300.chunk.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/1.df998174.chunk.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/2.d4ec5800.chunk.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/widget/v2/vendors~widget-367d8c52fbd36be15114.stonly.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/widget/v2/widget-7f241c286e7344967d85.stonly.js HTTP/1.1Host: stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /borderlessembed/ko5RfhcS8k/Steps/ HTTP/1.1Host: stonly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /borderlessembed/en/ko5RfhcS8k/Steps HTTP/1.1Host: stonly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v2/widget/integration?widgetId=34028143-4d3f-11ec-83f1-062882f67cfe&url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FDesktop%2Fdownload%2Fen.html HTTP/1.1Host: api.stonly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /borderlessembed/en/ko5RfhcS8k/Steps/9025 HTTP/1.1Host: stonly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/images/9bdea7ad-9ff1-484a-badc-23658c16ff86.png?w=1280&h=1440&auto=format&dpr=1 HTTP/1.1Host: stonly.imgix.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://stonly.com/borderlessembed/en/ko5RfhcS8k/Steps/9025Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /analytics.js HTTP/1.1Host: www.google-analytics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://stonly.com/borderlessembed/en/ko5RfhcS8k/Steps/9025Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v1/auth/status HTTP/1.1Host: stonly.comConnection: keep-aliveAccept: application/json, text/plain, */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Content-Type: application/json;charset=utf-8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://stonly.com/borderlessembed/en/ko5RfhcS8k/Steps/9025Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: hungry-easley-21d5d2.netlify.appConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: stonly.com
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://hungry-easley-21d5d2.netlify.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://hungry-easley-21d5d2.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://hungry-easley-21d5d2.netlify.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hungry-easley-21d5d2.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://hungry-easley-21d5d2.netlify.appUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://hungry-easley-21d5d2.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hungry-easley-21d5d2.netlify.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hungry-easley-21d5d2.netlify.app/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 52.47.99.247:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.47.99.247:443 -> 192.168.2.5:49799 version: TLS 1.2
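The request log above is the most useful part of the report, but the report renders every request with its headers run together (the CRLF separators between header lines were lost), so a parser has to split on header names rather than on newlines. The following is an added example, not code from the report or from Joe Sandbox, that does that splitting and then answers the three questions an analyst asks of this traffic: which top-level pages the browser actually landed on (the stonly.com knowledge-base iframe, then the hungry-easley-21d5d2.netlify.app page), which third-party hosts that page pulled in (the Bootstrap and cdnjs CDNs), and whether any request leaked local context (the stonly widget reported the page URL as file:///C:/Users/user/Desktop/download/en.html, because the sandbox opened the saved copy from disk rather than the live URL). The sample lines are excerpted from the report above with the User-Agent values abbreviated; the function names and the header list are this example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request lines excerpted from the report above; headers are run together
# exactly as the report renders them, only the User-Agent values are shortened.
UA = "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/85.0.4183.121"
TAIL = "Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9"
PHISH = "hungry-easley-21d5d2.netlify.app"
SAMPLE = [
    "Source: global traffic HTTP traffic detected: GET /kb/en HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: prismadvisoryllc.stonly.comConnection: Keep-Alive",
    f"Source: global traffic HTTP traffic detected: GET /borderlessembed/ko5RfhcS8k/Steps/ HTTP/1.1Host: stonly.comConnection: keep-aliveUpgrade-Insecure-Requests: 1{UA}Accept: text/html,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframe{TAIL}",
    f"Source: global traffic HTTP traffic detected: GET /api/v2/widget/integration?widgetId=34028143-4d3f-11ec-83f1-062882f67cfe&url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FDesktop%2Fdownload%2Fen.html HTTP/1.1Host: api.stonly.comConnection: keep-alive{UA}Accept: */*Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: empty{TAIL}",
    f"Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: {PHISH}Connection: keep-aliveUpgrade-Insecure-Requests: 1{UA}Accept: text/html,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: document{TAIL}",
    f"Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://{PHISH}{UA}Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://{PHISH}/{TAIL}",
    f"Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://{PHISH}{UA}Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://{PHISH}/{TAIL}",
    f"Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: {PHISH}Connection: keep-alive{UA}Accept: image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://{PHISH}/{TAIL}",
]

# Header names used as split points; the value of a header runs up to the
# next "<Known-Header>: " or to the end of the line.
HEADER_NAMES = ("Host|Connection|Origin|Referer|User-Agent|Accept|Accept-Encoding|"
                "Accept-Language|Sec-Fetch-Site|Sec-Fetch-Mode|Sec-Fetch-Dest|"
                "Upgrade-Insecure-Requests|Content-Type|Content-Length")
REQ_RE = re.compile(r"HTTP traffic detected: (GET|POST) (\S+) HTTP/1\.[01]")


def header(line, name):
    """Extract one header value from a line whose headers are run together."""
    m = re.search(rf"{re.escape(name)}: (.*?)(?=(?:{HEADER_NAMES}): |$)", line)
    return m.group(1) if m else None


def parse_request(line):
    m = REQ_RE.search(line)
    if not m:
        return None
    method, path = m.groups()
    return {
        "method": method, "path": path,
        "host": header(line, "Host"),
        "origin": header(line, "Origin"),
        "referer": header(line, "Referer"),
        "dest": header(line, "Sec-Fetch-Dest"),   # None for the non-browser fetch
        "ua": header(line, "User-Agent"),
        "query": parse_qs(urlsplit(path).query),  # parse_qs also percent-decodes
    }


def parse_report(lines):
    return [r for r in map(parse_request, lines) if r]


def referrer_host(rec):
    """Host of the page that caused this request, from Referer or Origin."""
    for src in (rec["referer"], rec["origin"]):
        if src and src != "null":
            return urlsplit(src).hostname
    return None


def navigations(records):
    """Top-level and iframe document loads, in order: the pages actually rendered."""
    return [(r["host"], r["path"]) for r in records if r["dest"] in ("document", "iframe")]


def resources_loaded_by(records, page_host):
    """Hosts that served sub-resources for the page at page_host."""
    return sorted({r["host"] for r in records if referrer_host(r) == page_host})


def leaked_local_paths(records):
    """Query parameters that carry a file:// URL, i.e. local context sent to a server."""
    return [(r["host"], k, v) for r in records
            for k, vals in r["query"].items() for v in vals if v.startswith("file://")]


def user_agents(records):
    """Distinct clients seen; here the wget fetch (IE11 UA) and the Chrome session."""
    return sorted({r["ua"] for r in records if r["ua"]})


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    print("navigations:", navigations(recs))
    print("loaded by phishing page:", resources_loaded_by(recs, PHISH))
    print("local paths sent out:", leaked_local_paths(recs))
    print("clients:", user_agents(recs))
```

The file:// leak is worth recognising as a sandbox artifact rather than sample behaviour: the stonly widget reports the URL of the page embedding it, and because the analysis opened the downloaded en.html from disk, that URL was a local path. On a real victim machine the same parameter would carry the live page URL.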

System Summary:

Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://prismadvisoryllc.stonly.com/kb/en" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://prismadvisoryllc.stonly.com/kb/en"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "C:\Users\user\Desktop\download\en.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,16495614340843645079,2020711700463352792,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://prismadvisoryllc.stonly.com/kb/en"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,16495614340843645079,2020711700463352792,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (31 occurrences)
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2372:120:WilError_01
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\b9e78e72-d6b2-409c-9e12-ca4e91dbc174.tmp
Source: classification engine Classification label: mal64.phis.win@40/260@16/17
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts (2 occurrences)
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\3560_2126252136\LICENSE.txt
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
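The process lines above show the chain cmd.exe /c wget ... -P "C:\Users\user\Desktop\download" --no-check-certificate ... "https://prismadvisoryllc.stonly.com/kb/en", followed by chrome.exe --enable-automation opening C:\Users\user\Desktop\download\en.html. Read together, that is the sandbox's own fetch-and-open step (a spoofed IE11 user agent, TLS verification switched off, the saved page handed to an automated Chrome), not behaviour of the phishing page, which is a static HTML document; that reading is an inference from the command lines, since the report does not label them. A command-line detection for web-request tools will fire on exactly this pattern, so the triage question is whether the download tool, the output directory and the program that later opens the file line up with an analysis harness or with a user's machine. The example below is added here and is not part of the report or of any Sigma rule; it parses the report's "Process created:" lines (excerpted above, with one user-agent value abbreviated), flags command lines that run a download tool against a URL, records whether --no-check-certificate was used and where the output went, and then correlates that output directory with a later process that opened a file inside it. The function names and the tool list are this example's own.

```python
import re

# Process-creation lines excerpted from the report above, one event per string.
# Raw strings keep the Windows backslashes intact.
SAMPLE = [
    r'Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://prismadvisoryllc.stonly.com/kb/en" > cmdline.out 2>&1',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
    r'Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 ... like Gecko" "https://prismadvisoryllc.stonly.com/kb/en"',
    r'Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "C:\Users\user\Desktop\download\en.html',
]

# "Source: <parent> Process created: <image> <command line>"; the image path
# may contain spaces, so it is taken up to the first ".exe " boundary.
EVENT_RE = re.compile(r"^Source: (.+?) Process created: (.+?\.exe) (.*)$")
TOKEN_RE = re.compile(r'\S*?"[^"]*"|\S+')          # keeps quoted arguments whole
URL_RE = re.compile(r"""https?://[^\s"']+""")
LOCAL_HTML_RE = re.compile(r'[A-Za-z]:\\[^\s"]+\.html?')
# Tools whose presence on a command line together with a URL is worth a look
# (list chosen for this example; extend it to taste).
WEB_TOOLS = {"wget", "wget.exe", "curl", "curl.exe", "certutil.exe", "bitsadmin.exe"}


def parse_events(lines):
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            parent, image, cmdline = m.groups()
            events.append({"parent": parent, "image": image, "cmdline": cmdline})
    return events


def basename(token):
    """Last path component of an argument, quotes stripped, lower-cased."""
    return token.strip('"').rsplit("\\", 1)[-1].lower()


def find_web_requests(events):
    """Command lines that invoke a download tool on a URL, with the details that matter for triage."""
    hits = []
    for e in events:
        toks = TOKEN_RE.findall(e["cmdline"])
        tools = [basename(t) for t in toks if basename(t) in WEB_TOOLS]
        urls = URL_RE.findall(e["cmdline"])
        if not (tools and urls):
            continue
        out_dir = toks[toks.index("-P") + 1].strip('"') if "-P" in toks else None  # wget -P <dir>
        hits.append({
            "image": e["image"], "parent": e["parent"], "tool": tools[0],
            "url": urls[0], "out_dir": out_dir,
            "tls_verify_disabled": "--no-check-certificate" in toks,
        })
    return hits


def opened_downloads(events, hits):
    """Later processes that opened an .htm/.html file inside a download tool's output directory."""
    dirs = [h["out_dir"].lower().rstrip("\\") + "\\" for h in hits if h["out_dir"]]
    found = []
    for e in events:
        for path in LOCAL_HTML_RE.findall(e["cmdline"]):
            if any(path.lower().startswith(d) for d in dirs):
                found.append((basename(e["image"]), path))
    return found


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    hits = find_web_requests(evs)
    for h in hits:
        print(f'{h["tool"]} from {basename(h["image"])}: {h["url"]} -> {h["out_dir"]} '
              f'(TLS verification disabled: {h["tls_verify_disabled"]})')
    print("downloaded file opened by:", opened_downloads(evs, hits))
```

On a real endpoint the same three facts (a scripted download tool, certificate checking disabled, the saved file immediately opened by a browser launched with --enable-automation) would justify escalating; in this report they are the analysis pipeline, and the sample's own activity is the browser traffic that follows, not this process chain.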

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
[IP distribution map legend: No. of IPs < 25%, 25% to 50%, 50% to 75%, > 75%]