Windows Analysis Report
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y

Overview

General Information

Sample URL:	http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y
Analysis ID:	1448089
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Signatures

Source: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	HTTP Parser: No favicon
Source: http://a3d27715.physioprogram.it/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:52271 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/cssContent-Length: 950Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "aa0-618f597da042b-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipX-Powered-By: PleskLinData Raw: 1f 8b 08 00 00 00 00 00 00 03 9d 56 db 6e db 38 10 7d f7 57 0c 5a 04 6d 03 4b 91 64 ca 17 e5 65 8b c5 62 db 97 c5 be ed 33 25 52 36 1b 4a 14 48 d9 71 b6 f0 bf 2f 29 91 ba 3b c0 36 06 72 99 19 cd cc 39 73 66 94 a7 47 f8 5d 54 6f 92 1d 4f 35 84 87 c3 c1 8b 82 08 f9 f0 0f 4d ff 96 42 c1 f7 b2 a6 b2 c4 35 13 25 e6 f0 67 91 7e f3 e1 2b e7 d0 3c a0 40 52 45 e5 85 12 1f 1e 9f 56 a7 ba e0 f0 73 05 fa 4b 5c a8 cc b9 78 f5 de 12 50 99 14 9c 3f 37 f6 4c 70 21 13 f8 18 04 41 6b c8 45 59 27 80 82 00 b6 91 1f 3f 3c 85 3e 82 0f df 28 bf d0 9a 65 18 fe a2 67 fa 61 0d 9d 61 0d 5f 25 c3 7c 0d 0a 97 ca d3 b5 59 de e6 f1 5e 69 fa c2 6a af a6 d7 da 53 ec 5f ea 61 f2 e3 ac 74 ee 30 08 1e 6c 4c a1 de f7 bb 1c b8 f2 4e 1a 1f 37 18 3d db 72 2d 75 c5 0a 4b 5a d6 cf ab db 2a 15 e4 6d 3d 44 7c a2 26 7a 98 ae 60 a5 37 b6 b6 8f d9 07 0a 2c 8f ac 4c 60 40 44 d3 98 0e f6 37 92 16 ad 39 c5 d9 cb 51 8a 73 49 34 6b 79 9e 2f d0 78 5b 61 9b 32 3b 4b 65 ec 95 60 66 6c 6d 6c 83 98 d0 4c c8 66 8a 09 94 a2 a4 e3 34 11 3a ec e9 66 5a f0 0e 72 9c e0 ac 66 17 ba d6 bf 9d cc 9c 6d f1 59 1d 9d 82 4a ce a6 c5 c2 fd 9e 90 43 6b 13 e7 da 04 34 24 dc 56 a7 50 33 1a 4d e9 31 1f 3f ee 08 71 69 10 42 03 e2 5e 2d cf c8 e9 ca a4 ed d9 6f b3 c3 cf 21 cb 91 8f 4c 52 b8 35 35 87 9e 8d bf b5 1e 9f 4a 29 a4 26 82 50 47 b1 2d 9f a3 dd 2e 8e 67 a3 db 77 7d ce 1b a8 74 15 87 2a f4 23 1d a9 61 eb 22 95 cf 29 26 36 ff 48 06 db 39 ea 3c c6 5b d4 c0 71 bc a7 e2 6a 1e 60 e5 31 d1 61 7a ee 3a 81 b6 3d 8f 54 69 59 71 e5 5b ec ce 9a 0a a9 27 95 8c ff f4 6a 51 e9 1e aa 2b 28 c1 19 81 8f 84 10 53 d7 af f0 d1 91 41 98 aa 38 d6 2b ee 36 a7 ab db 7b f4 ce e5 9c 5e e7 1e 63 5d 5c 94 cb a9 ab 93 a4 34 17 72 56 2e e5 22 7b 71 c4 34 88 13 f8 f4 69 bc c4 86 16 53 a2 83 e5 3a 31 92 0a 01 ed 50 65 cb 2f 1a 47 7b b7 d9 6b b5 e5 70 96 fc 73 73 ee a4 af 2e c7 2f 10 07 0f b0 d5 34 96 c2 93 b4 a2 b8 9e 6d 50 3b 48 84 1e 00 9f 6b d1 c0 2a 30 2b 2d 9e 79 ab e1 b4 d5 50 7f 76 ee a0 2c 98 86 c3 b7 73 eb 98 ae 30 21 8d 23 0c cc b0 63 f7 ed 3d d2 5b bd 13 aa 6f 36 ab cc 1a ff 8f 56 47 4d 36 d9 4e 94 57 9e b9 16 a2 54 80 a7 53 64 65 b3 23 83 61 3a 21 46 bd ea a2 0d de 11 3a 56 af 3b 08 dd 8f 09 5e 6b 0e 3b ac ef 9c c0 ee e6 9b 23 c7 5a 6f e0 47 b1 02 8a 95 8d b9 e7 9b 21 7c ff 1e f6 45 47 e2 1a 22 ec ae 8b 39 f4 b7 d5 6f 05 25 0c c3 e7 02 5f bd 57 46 ea 53 72 88 0f d5 f5 8b ad b0 b0 22 c3 91 78 95 a4 b9 1e 28 ed 74 18 04 4e de 6e 52 5e 8a 15 53 33 d7 40 c2 95 70 d0 8d dc 51 c7 e9 ad 6d a1 95 73 cf 7d 6c 2f e7 52 f3 b0 db 4e bb 1f b6 3d 90 98 90 ac 59 6a cd a6 79 eb f3 e7 c5 28 c2 24 cd 1c b7 b2 18 85 39 0e 06 31 9a dc 73 51 4e f0 df f1 df 7e 89 e0 28 be 4b f0 c4 b5 4c b0 51 ad 87 fc fe 25 b2 78 4e c2 ed 56 ef 47 7b 50 e6 93 80

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/styles.css HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/error_docs/styles.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: a3d27715.physioprogram.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 27 May 2024 17:15:04 GMTContent-Type: text/htmlContent-Length: 795Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "31b-618f597d9f48b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 33 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 59 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 64 6f 63 75 6d 65 6e 74 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>403 Forbidden</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 52274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52274

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/11@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
91.222.173.92	a3d27715.physioprogram.it	Ukraine	39249	KICUA-ASGI	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
a3d27715.physioprogram.it	91.222.173.92	true
www.google.com	142.250.185.164	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://a3d27715.physioprogram.it/error_docs/styles.css	false	Avira URL Cloud: safe	unknown
http://a3d27715.physioprogram.it/error_docs/server.svg	false	Avira URL Cloud: safe	unknown
http://a3d27715.physioprogram.it/	false		unknown
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	false		unknown
http://a3d27715.physioprogram.it/favicon.ico	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 42	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 43	HTML document, ASCII text	A943672A32297727BAB01C3E76977550	3A667C4B7A457EF6C586CC581D533C128737BF53	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
Chrome Cache Entry: 44	SVG Scalable Vector Graphics image	1CC0945F8514ED0F47A5D9D513782BDD	D6989F342CDB9886F48A6D3DA3CB71353BBAB1EF	F74B80306280CCF2DDC635EB09F5F36070EE5769365B0A7A53CA3747602EEBCB
Chrome Cache Entry: 45	HTML document, ASCII text	09939A3F159A94DCECF3402CD0D22C5F	46D3A640B0C042D6FD95EB11471D207812673FFB	57559551C35735C4ACD1EDE5A7D3DF31A3F9B55ACC087FDBB0811813B13D63D3
Chrome Cache Entry: 46	SVG Scalable Vector Graphics image	1CC0945F8514ED0F47A5D9D513782BDD	D6989F342CDB9886F48A6D3DA3CB71353BBAB1EF	F74B80306280CCF2DDC635EB09F5F36070EE5769365B0A7A53CA3747602EEBCB
Chrome Cache Entry: 47	gzip compressed data, from Unix, original size modulo 2^32 2720	1F3E0A4E0CF11D6A41C2A0AFC9BF8297	A4E4D9FD9AFF3A4257FD361FC9E1AA59C058C9FA	22820325F701ED1F092A796A3BF25878C941FB26537C4DEC3C9FE6AB7161CE88

Source: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	HTTP Parser: No favicon
Source: http://a3d27715.physioprogram.it/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:52271 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/styles.css HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/error_docs/styles.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: a3d27715.physioprogram.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 27 May 2024 17:15:04 GMTContent-Type: text/htmlContent-Length: 795Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "31b-618f597d9f48b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 33 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 59 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 64 6f 63 75 6d 65 6e 74 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>403 Forbidden</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 52274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52274

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/11@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1448089
Product:	CloudBasic
Start time:	19:13:59
Start date:	27.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y