Analysis

  • max time kernel
    80s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/01/2023, 13:45 UTC

General

  • Target

    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4220 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4068

Network

  • DNS
    www.siscard.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.siscard.com
    IN A
    Response
    www.siscard.com
    IN A
    190.61.250.150
  • GET
    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:80
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 12 Jan 2023 13:33:21 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Location: https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Content-Length: 324
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • GET
    https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: www.siscard.com
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 12 Jan 2023 13:33:22 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    X-Powered-By: PHP/7.4.28
    Vary: Accept-Encoding,Cookie
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    X-Redirect-By: WordPress
    Location: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • DNS
    siscard.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    siscard.com
    IN A
    Response
    siscard.com
    IN A
    190.61.250.150
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:06:13 GMT
    ETag: "14300b26-3f608-5ebf73ba0b998-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 45411
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0a-897-5ebf738a5c530-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 535
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:18 GMT
    ETag: "143023eb-15db1-5e9597a62debc"
    Accept-Ranges: bytes
    Content-Length: 89521
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:29 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:24 GMT
    ETag: "14301a5f-c3c4-5e95977314ddc"
    Accept-Ranges: bytes
    Content-Length: 50116
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: siscard.com
    Response
    HTTP/1.1 404 Not Found
    Date: Thu, 12 Jan 2023 13:33:24 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    X-Powered-By: PHP/7.4.28
    Vary: Accept-Encoding,Cookie
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://siscard.com/wp-json/>; rel="https://api.w.org/"
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:20 GMT
    ETag: "14300062-1a7ed-5ea1a838d6386"
    Accept-Ranges: bytes
    Content-Length: 108525
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:20 GMT
    ETag: "143000a4-2cdf-5ea1a838ff3c6"
    Accept-Ranges: bytes
    Content-Length: 11487
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:25 GMT
    ETag: "14302513-194b-5e9597ad83d9c"
    Accept-Ranges: bytes
    Content-Length: 6475
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:06:13 GMT
    ETag: "14300b25-390d9-5ebf73b9f90b8-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Keep-Alive: timeout=5, max=96
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/DIN-Medium-Regular.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:29 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:28 GMT
    ETag: "14301aaa-7110-5e959776e2414"
    Accept-Ranges: bytes
    Content-Length: 28944
    Keep-Alive: timeout=5, max=95
    Connection: Keep-Alive
    Content-Type: font/ttf
  • DNS
    s.w.org
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    s.w.org
    IN A
    Response
    s.w.org
    IN A
    192.0.77.48
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0b-963b-5ebf738a7c8d0-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 2783
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:25 GMT
    ETag: "14302507-4ac6-5e9597ad80ebc"
    Accept-Ranges: bytes
    Content-Length: 19142
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DIN-Bold-1.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:29 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:28 GMT
    ETag: "14301ac5-cbec-5e959776e473c"
    Accept-Ranges: bytes
    Content-Length: 52204
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0e-1a79-5ebf738aa5910-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 1081
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:29 GMT
    ETag: "14302529-27ee-5e9597b0f820c"
    Accept-Ranges: bytes
    Content-Length: 10222
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/2022/08/D-DIN-1.ttf HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:29 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:02:24 GMT
    ETag: "14301a4b-c07c-5e9597731366c"
    Accept-Ranges: bytes
    Content-Length: 49276
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: font/ttf
  • GET
    https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Wed, 26 Oct 2022 22:05:23 GMT
    ETag: "14300b0f-3491-5ebf738abbc88-gzip"
    Accept-Ranges: bytes
    Cache-Control: max-age=30672000, public, immutable
    Expires: Tue, 02 Jan 2024 13:33:28 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 1510
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • GET
    https://siscard.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Fri, 23 Sep 2022 15:03:29 GMT
    ETag: "14302524-132e-5e9597b0f4774"
    Accept-Ranges: bytes
    Content-Length: 4910
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: application/javascript
  • GET
    https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot? HTTP/1.1
    Accept: */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: https://siscard.com
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:29 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:19:46 GMT
    ETag: "14300a41-20cca-5ea1a7deaedfe"
    Accept-Ranges: bytes
    Content-Length: 134346
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: application/vnd.ms-fontobject
  • GET
    https://siscard.com/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483
    IEXPLORE.EXE
    Remote address:
    190.61.250.150:443
    Request
    GET /wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483 HTTP/1.1
    Accept: text/css, */*
    Referer: https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: siscard.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Thu, 12 Jan 2023 13:33:28 GMT
    Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 Phusion_Passenger/6.0.7
    Last-Modified: Mon, 03 Oct 2022 05:21:23 GMT
    ETag: "143000af-72ae-5ea1a83ba3046"
    Accept-Ranges: bytes
    Content-Length: 29358
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/css
  • 190.61.250.150:80
    http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    http
    IEXPLORE.EXE
    906 B
    906 B
    12
    4

    HTTP Request

    GET http://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    301
  • 190.61.250.150:80
    www.siscard.com
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 190.61.250.150:443
    https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf
    tls, http
    IEXPLORE.EXE
    1.3kB
    5.0kB
    14
    10

    HTTP Request

    GET https://www.siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    301
  • 93.184.220.29:80
    260 B
    5
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf
    tls, http
    IEXPLORE.EXE
    9.4kB
    198.2kB
    159
    151

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_adb17d506f233696b2cbf6ac7f8203a6.css

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c69d51af149192bf468d5df5535aec7f.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DINCondensed-Bold.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf
    tls, http
    IEXPLORE.EXE
    16.0kB
    360.0kB
    285
    275

    HTTP Request

    GET https://siscard.com/wp-content/plugins/formcraft/file-upload/server/content/files/160815ee89bc1b---112444076.pdf

    HTTP Response

    404

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-pro-frontend-lite.min.css?ver=1664774480

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/js/autoptimize_134d22f37a5afe1ddcfcc13edc2e3009.js

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/DIN-Medium-Regular.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf
    tls, http
    IEXPLORE.EXE
    5.1kB
    78.4kB
    71
    65

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_59da3e3c8fdbd97595c0b04dc8a6489f.css?ver=1664774482

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DIN-Bold-1.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf
    tls, http
    IEXPLORE.EXE
    4.6kB
    64.5kB
    61
    55

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_dc45da0d903fc1b8cd123af9e4aec3bf.css?ver=1664774482

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/uploads/2022/08/D-DIN-1.ttf

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?
    tls, http
    IEXPLORE.EXE
    7.3kB
    147.2kB
    119
    113

    HTTP Request

    GET https://siscard.com/wp-content/cache/autoptimize/css/autoptimize_single_c77803031473d98d8c9edc29ffb4b3b7.css?ver=1664818507

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3

    HTTP Response

    200

    HTTP Request

    GET https://siscard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.eot?

    HTTP Response

    200
  • 190.61.250.150:443
    https://siscard.com/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483
    tls, http
    IEXPLORE.EXE
    2.4kB
    31.2kB
    33
    29

    HTTP Request

    GET https://siscard.com/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1664774483

    HTTP Response

    200
  • 93.184.221.240:80
    322 B
    7
  • 40.79.150.121:443
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 104.80.225.205:443
    322 B
    7
  • 8.8.8.8:53
    www.siscard.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    www.siscard.com

    DNS Response

    190.61.250.150

  • 8.8.8.8:53
    siscard.com
    dns
    IEXPLORE.EXE
    57 B
    73 B
    1
    1

    DNS Request

    siscard.com

    DNS Response

    190.61.250.150

  • 8.8.8.8:53
    s.w.org
    dns
    iexplore.exe
    53 B
    69 B
    1
    1

    DNS Request

    s.w.org

    DNS Response

    192.0.77.48

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    c095652a90450f6e9ed5dbdcb1f7e807

    SHA1

    e751b539a52150785c0740d444aa759331b985aa

    SHA256

    7dc466e98f2432c283d67159d100a79c1440e6fd132a9b8aa493cc26f8ff1181

    SHA512

    aa00b805ac890c08dc5eb6cd2cd78385e1b0f4228f1ec1466bf6c203ba3359710539f78a11bca7421e55ad55e6eedafbcefbaecfe7345b56b4beffe6ff57875a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    d709074e366f1d09997052ed0bff2621

    SHA1

    fd128e7d2caf380aae9bbbd115b1fbc69a596355

    SHA256

    3f03a608116ecddb689b76010433db89416086eee7fd70621af936a24e59d74b

    SHA512

    7323abb04c4f1e7ec658e421f8c1c4bf30ecf46e4da970018025d42d3a1746d5b761d620e4b750be310b51da8406c05004553b591b98089253848b8eadc47e58
