Windows Analysis Report
https://u11274505.ct.sendgrid.net/ls/click?upn=u001.xbKAJPUlNzBpPoo-2BvJOvExH-2BDY0F3cjPbxyIYVrYi891Q3fv1PEoS1zATMtfFNX7fUI6t9jmZ-2FQT-2Bq3BvGTXf2nwkAaZzH38QmRsBxcSP7pgGtwYaNusvuZ8-2B8YBX-2FaPOSNuyI068YUtuIImm-2FG8ZzSSKtaYVdLXXNL8Zexzy9gpXvlLfjPcI9K4GvXWmcKqr-2Futqo0VrMQyRCUTWSY8Ju1JOqAwW3jvQfb-2FGl

Overview

General Information

Sample URL: https://u11274505.ct.sendgrid.net/ls/click?upn=u001.xbKAJPUlNzBpPoo-2BvJOvExH-2BDY0F3cjPbxyIYVrYi891Q3fv1PEoS1zATMtfFNX7fUI6t9jmZ-2FQT-2Bq3BvGTXf2nwkAaZzH38QmRsBxcSP7pgGtwYaNusvuZ8-2B8YBX-2FaPOSNuyI06
Analysis ID: 1466683
Infos:

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Yara detected HtmlPhish10
Detected hidden input values containing email addresses (often used in phishing pages)
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden URLs or javascript code
HTML title does not match URL

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: https://u11274505.ct.sendgrid.net/ls/click?upn=u001.xbKAJPUlNzBpPoo-2BvJOvExH-2BDY0F3cjPbxyIYVrYi891Q3fv1PEoS1zATMtfFNX7fUI6t9jmZ-2FQT-2Bq3BvGTXf2nwkAaZzH38QmRsBxcSP7pgGtwYaNusvuZ8-2B8YBX-2FaPOSNuyI068YUtuIImm-2FG8ZzSSKtaYVdLXXNL8Zexzy9gpXvlLfjPcI9K4GvXWmcKqr-2Futqo0VrMQyRCUTWSY8Ju1JOqAwW3jvQfb-2FGlVN49A-3DA3uJ_83Mm6JGxYeyjWUEVVwNw-2FOQR5KenWSXlrmgVLdCQ0m0nm-2BVkoMuv0AM3K3klFnd-2BVFk-2F6wXDTATFPLhGF6LXpO8flMHbxHnWuVZU4-2B2kcQ7rtXL1s-2FB5dzTWvoVXthEfeS-2FsiBYprBy0Gv3BE1R5WeWR-2BLU7ogV9cUTkRV0fWzI2J2LK-2FnWMPOuiXqkYsOoOxdR-2FSve2X6PYNPBxjRC-2B1A-3D-3D SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
AI detected phishing page
Source: https://033scsalas.buzz LLM: Score: 9 brands: CHU Brest Reasons: The URL 'https://033scsalas.buzz' is highly suspicious as it does not match the legitimate domain 'chu-brest.fr' associated with CHU Brest. The use of a .buzz TLD is uncommon for legitimate organizations and is often used in phishing attacks. The webpage prominently displays a login form, which is a common tactic in phishing sites to harvest credentials. There is no CAPTCHA present, which is often used by legitimate sites to prevent automated attacks. The email address 'dba@chu-brest.fr' is used to make the page appear legitimate, which is a social engineering technique. The overall design of the page mimics a legitimate login page, but the domain discrepancy and other factors strongly indicate that this is a phishing site. DOM: 3.4.pages.csv
Yara detected HtmlPhish10
Source: Yara match File source: 3.4.pages.csv, type: HTML
Detected hidden input values containing email addresses (often used in phishing pages)
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: dba@chu-brest.fr
HTML body contains low number of good links
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: Number of links: 0
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: <input type="password" .../> found but no <form action="...
HTML page contains hidden URLs or javascript code
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: Base64 decoded: https://033scsalas.buzz:443
HTML title does not match URL
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: Title: Portal Login does not match URL
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: Title: Portal Login does not match URL
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: <input type="password" .../> found
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xk HTTP Parser: No favicon
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: No <meta name="author".. found
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: No <meta name="author".. found
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: No <meta name="author".. found
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: No <meta name="copyright".. found
Source: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP Parser: No <meta name="copyright".. found
Source: https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.7:49715 version: TLS 1.2
Detected suspicious crossdomain redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: u11274505.ct.sendgrid.net to https://confirmed.onelink.me/mzya?pid=email&af_dp=adidas-confirmed://product/gw1229&af_web_dp=https://hurenbijintermarishoeksteen.nl/#zgjhqgnods1icmvzdc5mcg==
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /ls/click?upn=u001.xbKAJPUlNzBpPoo-2BvJOvExH-2BDY0F3cjPbxyIYVrYi891Q3fv1PEoS1zATMtfFNX7fUI6t9jmZ-2FQT-2Bq3BvGTXf2nwkAaZzH38QmRsBxcSP7pgGtwYaNusvuZ8-2B8YBX-2FaPOSNuyI068YUtuIImm-2FG8ZzSSKtaYVdLXXNL8Zexzy9gpXvlLfjPcI9K4GvXWmcKqr-2Futqo0VrMQyRCUTWSY8Ju1JOqAwW3jvQfb-2FGlVN49A-3DA3uJ_83Mm6JGxYeyjWUEVVwNw-2FOQR5KenWSXlrmgVLdCQ0m0nm-2BVkoMuv0AM3K3klFnd-2BVFk-2F6wXDTATFPLhGF6LXpO8flMHbxHnWuVZU4-2B2kcQ7rtXL1s-2FB5dzTWvoVXthEfeS-2FsiBYprBy0Gv3BE1R5WeWR-2BLU7ogV9cUTkRV0fWzI2J2LK-2FnWMPOuiXqkYsOoOxdR-2FSve2X6PYNPBxjRC-2B1A-3D-3D HTTP/1.1Host: u11274505.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?pid=Email HTTP/1.1Host: hurenbijintermarishoeksteen.nlConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?email=dba@chu-brest.fr HTTP/1.1Host: 033scsalas.buzzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hurenbijintermarishoeksteen.nl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /index.php?csrftoken=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA== HTTP/1.1Host: 033scsalas.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hurenbijintermarishoeksteen.nl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=3bf1e1266bf74e8468b8f7dbf927c6a1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG HTTP/1.1Host: 033scsalas.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hurenbijintermarishoeksteen.nl/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=3bf1e1266bf74e8468b8f7dbf927c6a1
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xk HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xkAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/bg/afyAhS2Qsep4R8kB-t327Ct0yEitujmPfyHorrAGcXw.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xkAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /chu-brest.fr HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/reload?k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG26BfNlNkwOk3gAfInoMOLabelE8wAeW_k1z5HEtLAR1-9TCNldxIesqm-4RIY7foMUEsfep7TTW8G89O24_A
Source: global traffic HTTP traffic detected: GET /chu-brest.fr HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api2/clr?k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AOG26BfNlNkwOk3gAfInoMOLabelE8wAeW_k1z5HEtLAR1-9TCNldxIesqm-4RIY7foMUEsfep7TTW8G89O24_A
Source: global traffic HTTP traffic detected: GET /l?email=dba%40chu-brest.fr&sessid=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA%3D%3D HTTP/1.1Host: 033scsalas.buzzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=3bf1e1266bf74e8468b8f7dbf927c6a1
Source: global traffic HTTP traffic detected: GET /l/?email=dba%40chu-brest.fr&sessid=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA%3D%3D HTTP/1.1Host: 033scsalas.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=3bf1e1266bf74e8468b8f7dbf927c6a1
Source: global traffic HTTP traffic detected: GET /l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr HTTP/1.1Host: 033scsalas.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFGAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=3bf1e1266bf74e8468b8f7dbf927c6a1
Source: global traffic HTTP traffic detected: GET /jquery-1.12.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://033scsalas.buzzsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://033scsalas.buzz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery.cookie/1.4.1/jquery.cookie.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://033scsalas.buzz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/3.1.2/rollups/md5.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://033scsalas.buzz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /chu-brest.fr?size=100 HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://033scsalas.buzz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /chu-brest.fr?size=100 HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: global traffic DNS traffic detected: DNS query: u11274505.ct.sendgrid.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: confirmed.onelink.me
Source: global traffic DNS traffic detected: DNS query: hurenbijintermarishoeksteen.nl
Source: global traffic DNS traffic detected: DNS query: 033scsalas.buzz
Source: global traffic DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: unknown HTTP traffic detected: POST /recaptcha/api2/reload?k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 8121sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlaHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xkAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_64.2.dr String found in binary or memory: https://033scsalas.buzz/?email=
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_75.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_75.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_75.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_73.2.dr, chromecache_75.2.dr, chromecache_62.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_73.2.dr, chromecache_75.2.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__.
Source: chromecache_62.2.dr, chromecache_72.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@19/37@30/14
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,10163994630552975519,8458782952242880411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u11274505.ct.sendgrid.net/ls/click?upn=u001.xbKAJPUlNzBpPoo-2BvJOvExH-2BDY0F3cjPbxyIYVrYi891Q3fv1PEoS1zATMtfFNX7fUI6t9jmZ-2FQT-2Bq3BvGTXf2nwkAaZzH38QmRsBxcSP7pgGtwYaNusvuZ8-2B8YBX-2FaPOSNuyI068YUtuIImm-2FG8ZzSSKtaYVdLXXNL8Zexzy9gpXvlLfjPcI9K4GvXWmcKqr-2Futqo0VrMQyRCUTWSY8Ju1JOqAwW3jvQfb-2FGlVN49A-3DA3uJ_83Mm6JGxYeyjWUEVVwNw-2FOQR5KenWSXlrmgVLdCQ0m0nm-2BVkoMuv0AM3K3klFnd-2BVFk-2F6wXDTATFPLhGF6LXpO8flMHbxHnWuVZU4-2B2kcQ7rtXL1s-2FB5dzTWvoVXthEfeS-2FsiBYprBy0Gv3BE1R5WeWR-2BLU7ogV9cUTkRV0fWzI2J2LK-2FnWMPOuiXqkYsOoOxdR-2FSve2X6PYNPBxjRC-2B1A-3D-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,10163994630552975519,8458782952242880411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1466683 URL: https://u11274505.ct.sendgr... Startdate: 03/07/2024 Architecture: WINDOWS Score: 64 15 time.windows.com 2->15 17 edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com 2->17 19 bg.microsoft.map.fastly.net 2->19 31 Antivirus / Scanner detection for submitted sample 2->31 33 AI detected phishing page 2->33 35 Yara detected HtmlPhish10 2->35 7 chrome.exe 1 2->7         started        10 chrome.exe 2->10         started        signatures3 process4 dnsIp5 21 192.168.2.7, 138, 443, 49333 unknown unknown 7->21 23 239.255.255.250 unknown Reserved 7->23 12 chrome.exe 7->12         started        process6 dnsIp7 25 033scsalas.buzz 111.90.140.113, 443, 49711, 49712 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY Malaysia 12->25 27 u11274505.ct.sendgrid.net 167.89.123.147, 443, 49705, 49706 SENDGRIDUS United States 12->27 29 14 other IPs or domains 12->29
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
167.89.123.147
 u11274505.ct.sendgrid.net United States
11377 SENDGRIDUS false
216.58.212.164
 www.google.com United States
15169 GOOGLEUS false
13.32.27.44
 d26p066pn2w0s0.cloudfront.net United States
7018 ATT-INTERNET4US false
13.32.27.77
 unknown United States
7018 ATT-INTERNET4US false
151.101.129.229
 jsdelivr.map.fastly.net United States
54113 FASTLYUS false
151.101.130.137
 code.jquery.com United States
54113 FASTLYUS false
239.255.255.250
 unknown Reserved
unknown unknown false
111.90.140.113
 hurenbijintermarishoeksteen.nl Malaysia
45839 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY true
142.250.186.164
 unknown United States
15169 GOOGLEUS false
142.250.186.100
 unknown United States
15169 GOOGLEUS false
142.250.184.228
 unknown United States
15169 GOOGLEUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
142.250.74.196
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.2.7

Contacted Domains

Name IP Active
hurenbijintermarishoeksteen.nl 111.90.140.113 true
jsdelivr.map.fastly.net 151.101.129.229 true
d26p066pn2w0s0.cloudfront.net 13.32.27.44 true
bg.microsoft.map.fastly.net 199.232.214.172 true
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com 217.20.57.18 true
code.jquery.com 151.101.130.137 true
cdnjs.cloudflare.com 104.17.25.14 true
033scsalas.buzz 111.90.140.113 true
u11274505.ct.sendgrid.net 167.89.123.147 true
www.google.com 216.58.212.164 true
cdn.jsdelivr.net unknown unknown
time.windows.com unknown unknown
confirmed.onelink.me unknown unknown
logo.clearbit.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://033scsalas.buzz/index.php?csrftoken=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA== true
  • Avira URL Cloud: safe
 unknown
https://cdn.jsdelivr.net/jquery.cookie/1.4.1/jquery.cookie.min.js false unknown
about:blank false
  • Avira URL Cloud: safe
 unknown
https://www.google.com/recaptcha/api2/clr?k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 false
  • Avira URL Cloud: safe
 unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
https://033scsalas.buzz/?email=dba@chu-brest.fr true
  • Avira URL Cloud: safe
 unknown
https://hurenbijintermarishoeksteen.nl/?pid=Email false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
https://033scsalas.buzz/l/?email=dba%40chu-brest.fr&sessid=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA%3D%3D true
  • Avira URL Cloud: safe
 unknown
https://www.google.com/recaptcha/api.js?render=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 false
  • Avira URL Cloud: safe
 unknown
https://www.google.com/js/bg/afyAhS2Qsep4R8kB-t327Ct0yEitujmPfyHorrAGcXw.js false
  • Avira URL Cloud: safe
 unknown
https://033scsalas.buzz/l?email=dba%40chu-brest.fr&sessid=MTcxOTk5MDk2MTZjYzg2YjY1MDJiYjVhY2M0NWMwYmFiOGZmMGRmYWU5ZmZkMDA3ZmFiZGE0MGEwNzNmNjRiZDc5Nzk4MzUzZjhhZDBhODg1OA%3D%3D true
  • Avira URL Cloud: safe
 unknown
https://code.jquery.com/jquery-1.12.4.min.js false
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
https://033scsalas.buzz/l/login.php?puid=oyDQ6Dg0oe9zdTFU&origin=1&url=http%3A%2F%2Fchu-brest.fr true
    		unknown
    https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4&co=aHR0cHM6Ly8wMzNzY3NhbGFzLmJ1eno6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=g0id37o8i6xk false
      		unknown
      https://www.google.com/recaptcha/api2/reload?k=6Le0OQUqAAAAAN3d1QaxcB7guTlgrXCB1t6JB6R4 false
      • Avira URL Cloud: safe
      		 unknown
      https://033scsalas.buzz/red.php?tap=1oOBi7dMeB4HsLkm1I5KFnbEckHMYrWHbEFKZSSTJyj0ExuOXtByy8ilTG7CMh5UF9pTplpYSb1KfxCxjU6c6dj6tKwUptK8aBbAtzGSJmFSg8YZlXsoG8zmWNto8wFG true
        		unknown
        https://logo.clearbit.com/chu-brest.fr false
        • Avira URL Cloud: safe
        		 unknown
        https://logo.clearbit.com/chu-brest.fr?size=100 false
        • Avira URL Cloud: safe
        		 unknown