URL:

http://cerrojardin.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin.panel.html?eta=iq@iq.pl

Full analysis: https://app.any.run/tasks/193466ed-4384-4ee6-b092-a03cc646a694
Verdict: Malicious activity
Analysis date: March 17, 2026, 20:51:57
OS: Ubuntu 22.04.2
Tags:
evasion
telegram
phishing
Indicators:
MD5:

65C3112D26EB39D5328A09198F019F4B

SHA1:

EFF6B7CFC8CE24613CB6A50B297724A9316F4A6D

SHA256:

230160AD728E04156325FBC1721635E33A5B1007D4CA2CF89D3ECEE9823C10FD

SSDEEP:

3:N1KdA1OQncSdjhcWe8IVWQzchvXhJdvh5vmc5Orh0hmKk8reP2WWK3VOpJLNRjAh:CCcQncSBKhZNchPhJt/OcQ1Ak8rG2RVs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • chrome (PID: 2022)

  • SUSPICIOUS

    • Checks for external IP

      • chrome (PID: 2022)

    • The process connected to a server suspected of theft

      • chrome (PID: 2022)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
165
Monitored processes
46
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
dash no specs sudo no specs chrome no specs locale-check no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome_crashpad_handler no specs chrome_crashpad_handler no specs chrome no specs chrome no specs chrome_crashpad_handler no specs chrome no specs #PHISHING chrome chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs readlink no specs dirname no specs mkdir no specs cat no specs cat no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs chrome no specs

Process information

PID
CMD
Path
Indicators
Parent process
1973/bin/sh -c "DISPLAY=:0 sudo --preserve-env=SSLKEYLOGFILE -iu user google-chrome-stable --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first -run --no-default-browser-check http://cerrojardin\.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin\.panel\.html?eta=iq@iq\.pl "/usr/bin/dash2EwNpII9hL0vkNEQ
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1974sudo --preserve-env=SSLKEYLOGFILE -iu user google-chrome-stable --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first -run --no-default-browser-check http://cerrojardin.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin.panel.html?eta=iq@iq.pl/usr/bin/sudodash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
/usr/libexec/sudo/sudoers.so
/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
1975/usr/bin/google-chrome-stable --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first -run --no-default-browser-check http://cerrojardin.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin.panel.html?eta=iq@iq.pl/opt/google/chrome/chromesudo
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.3
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libdl.so.2
/usr/lib/x86_64-linux-gnu/libpthread.so.0
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.4
/usr/lib/x86_64-linux-gnu/libnspr4.so
/usr/lib/x86_64-linux-gnu/libnss3.so
/usr/lib/x86_64-linux-gnu/libnssutil3.so
/usr/lib/x86_64-linux-gnu/libsmime3.so
1976/usr/bin/locale-check C.UTF-8/usr/bin/locale-checkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1977readlink -f /usr/bin/google-chrome-stable/usr/bin/readlinkchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1978dirname /opt/google/chrome/google-chrome/usr/bin/dirnamechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1979mkdir -p /home/user/.local/share/applications/usr/bin/mkdirchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
1980cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1981cat/usr/bin/catchrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
1982"/opt/google/chrome/chrome --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first -run --no-default-browser-check http://cerrojardin\.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin\.panel\.html?eta=iq@iq\.pl" ./opt/google/chrome/chromechrome
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Executable files
0
Suspicious files
275
Text files
102
Unknown types
0

Dropped files

PID
Process
Filename
Type
1975chrome/home/user/.config/google-chrome/ShaderCache/data_2binary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/ShaderCache/data_3binary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/ShaderCache/data_0binary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/Default/GPUCache/data_2binary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/Default/GPUCache/data_3binary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/Default/GPUCache/data_0binary
MD5:
SHA256:
2016chrome/home/user/.cache/mesa_shader_cache/indexbinary
MD5:
SHA256:
2097chrome/home/user/.cache/mesa_shader_cache/indexbinary
MD5:
SHA256:
2114chrome/home/user/.cache/mesa_shader_cache/indexbinary
MD5:
SHA256:
1975chrome/home/user/.config/google-chrome/Default/DawnWebGPUCache/data_3binary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
127
TCP/UDP connections
61
DNS requests
64
Threats
18

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2022
chrome
GET
200
142.250.201.78:80
http://clients2.google.com/time/1/current?cup2key=9:le2nRqOI24DzVrOi3mvvnVVVM-x5P2jw8-2VwNIavIs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
104 b
whitelisted
2022
chrome
GET
200
192.185.194.196:80
http://cerrojardin.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin.panel.html?eta=iq@iq.pl
US
html
6.27 Kb
unknown
2022
chrome
GET
200
142.251.127.95:443
https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyBqJZh-7pA44blAaAkH6490hUFOwX0KCYM
US
text
41 b
whitelisted
2022
chrome
POST
200
151.101.129.91:443
https://google-ohttp-relay-safebrowsing.fastly-edge.com/
US
binary
166 b
whitelisted
2022
chrome
GET
301
86.111.240.215:443
https://iq.pl/
PL
unknown
2022
chrome
GET
200
151.101.129.229:443
https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css
US
text
227 Kb
whitelisted
2022
chrome
GET
200
151.101.129.229:443
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css
US
text
91.5 Kb
whitelisted
2022
chrome
GET
200
151.101.129.229:443
https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js
US
text
78.5 Kb
whitelisted
2022
chrome
GET
200
142.250.201.170:443
https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&display=swap
US
text
3.51 Kb
whitelisted
2022
chrome
GET
301
142.251.141.132:443
https://www.google.com/s2/favicons?domain=zoho.com
US
html
328 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
456
avahi-daemon
224.0.0.251:5353
whitelisted
185.125.190.98:80
connectivity-check.ubuntu.com
CANONICAL-AS
GB
whitelisted
212.102.56.178:443
odrs.gnome.org
CDN77 _
GB
whitelisted
79.127.216.203:443
odrs.gnome.org
CDN77 _
GB
whitelisted
185.125.188.59:443
api.snapcraft.io
CANONICAL-AS
GB
whitelisted
185.125.188.58:443
api.snapcraft.io
CANONICAL-AS
GB
whitelisted
2022
chrome
142.250.201.78:80
clients2.google.com
GOOGLE
US
whitelisted
2022
chrome
142.251.141.131:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
2022
chrome
142.251.127.95:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
2022
chrome
192.185.194.196:80
cerrojardin.cl
NETWORK-SOLUTIONS-HOSTING
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.251.143.110
  • 2a00:1450:4001:81b::200e
whitelisted
odrs.gnome.org
  • 212.102.56.178
  • 79.127.216.203
  • 79.127.211.90
  • 195.181.170.18
  • 37.19.194.80
  • 195.181.175.41
  • 2a02:6ea0:c700::19
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c77a::48
  • 2a02:6ea0:c77a::47
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::101
whitelisted
connectivity-check.ubuntu.com
  • 185.125.190.98
  • 91.189.91.98
  • 91.189.91.96
  • 185.125.190.18
  • 185.125.190.17
  • 185.125.190.48
  • 185.125.190.49
  • 185.125.190.96
  • 91.189.91.49
  • 91.189.91.48
  • 185.125.190.97
  • 91.189.91.97
  • 2620:2d:4000:1::98
  • 2001:67c:1562::23
  • 2620:2d:4000:1::2b
  • 2620:2d:4000:1::97
  • 2620:2d:4000:1::22
  • 2620:2d:4000:1::2a
  • 2620:2d:4002:1::198
  • 2001:67c:1562::24
  • 2620:2d:4000:1::96
  • 2620:2d:4002:1::197
  • 2620:2d:4002:1::196
  • 2620:2d:4000:1::23
whitelisted
api.snapcraft.io
  • 185.125.188.59
  • 185.125.188.54
  • 185.125.188.58
  • 185.125.188.57
  • 2620:2d:4000:1010::42
  • 2620:2d:4000:1010::117
  • 2620:2d:4000:1010::3da
  • 2620:2d:4000:1010::2cc
whitelisted
clients2.google.com
  • 142.250.201.78
whitelisted
clientservices.googleapis.com
  • 142.251.141.131
whitelisted
clients.l.google.com
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.251.127.95
  • 142.250.201.74
  • 142.251.141.74
  • 172.217.16.202
  • 142.250.187.202
  • 142.251.141.138
  • 142.251.140.170
  • 216.58.206.42
  • 142.251.208.10
  • 142.251.208.170
  • 142.250.186.74
  • 142.251.36.106
  • 216.58.206.74
  • 142.251.141.106
whitelisted
cerrojardin.cl
  • 192.185.194.196
unknown
accounts.google.com
  • 142.251.127.84
whitelisted

Threats

PID
Process
Class
Message
415
systemd-resolved
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
415
systemd-resolved
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
2022
chrome
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
415
systemd-resolved
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
415
systemd-resolved
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2022
chrome
Device Retrieving External IP Address Detected
POLICY [ANY.RUN] External IP Lookup by HTTP (api .ipify .org)
415
systemd-resolved
Misc activity
SUSPICIOUS [ANY.RUN] Possible sending an external IP address to Telegram
415
systemd-resolved
Misc activity
ET HUNTING Telegram API Domain in DNS Lookup
2022
chrome
Misc activity
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
415
systemd-resolved
Misc activity
SUSPICIOUS [ANY.RUN] Possible sending an external IP address to Telegram
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://cerrojardin.cl/fjc939303839ncjd92393003/AUTH-03940hg0393003JF9E0D/9303JDFKD03-38JDJDJD/29JDJ393ND-3JDKDKLDD/99303-38939390933/cerrojardin.panel.html?eta=iq@iq.pl