Edit tour

Windows Analysis Report
https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/

Overview

General Information

Sample URL:	https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/
Analysis ID:	1467202
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,11810997513201831327,4233284939625076030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/

Avira URL Cloud: detection malicious, Label: phishing

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.97.171
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.97.171
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1Host: uiytrewrtyuiouyt.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uiytrewrtyuiouyt.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uiytrewrtyuiouyt.pages.dev/?utm_source=promotions&utm_medium=email&utm_campaign=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uiytrewrtyuiouyt.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: hr.economictimes.indiatimes.com
Source: global traffic	DNS traffic detected: DNS query: uiytrewrtyuiouyt.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_41.2.dr, chromecache_43.2.dr, chromecache_42.2.dr

String found in binary or memory: https://174q5g.ghtionte.su/OQf0/#M

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@17/5@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,11810997513201831327,4233284939625076030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,11810997513201831327,4233284939625076030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://uiytrewrtyuiouyt.pages.dev/favicon.ico	0%	Avira URL Cloud	safe
https://174q5g.ghtionte.su/OQf0/#M	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
uiytrewrtyuiouyt.pages.dev	188.114.97.3	true	false	unknown
www.google.com	216.58.206.36	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false	unknown
hr.economictimes.indiatimes.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://uiytrewrtyuiouyt.pages.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
https://uiytrewrtyuiouyt.pages.dev/?utm_source=promotions&utm_medium=email&utm_campaign=	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://174q5g.ghtionte.su/OQf0/#M	chromecache_41.2.dr, chromecache_43.2.dr, chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	uiytrewrtyuiouyt.pages.dev	European Union	13335	CLOUDFLARENETUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467202
Start date and time:	2024-07-03 21:00:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/5@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.181.238, 74.125.71.84, 23.38.98.238, 23.38.98.235, 52.165.165.26, 87.248.204.0, 192.229.221.95, 20.3.187.198, 13.85.23.206, 20.12.23.50, 142.250.184.227, 40.68.123.157
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, e38996.dscj.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, hr.economictimes.indiatimes.com.edgekey.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1108
Entropy (8bit):	4.757258507543905
Encrypted:	false
SSDEEP:	24:hYkCRnSKXxQiWksIeWA9bQG0lEk2+1E6jDMqd4N9:wndrMJkDE6JCN9
MD5:	D37A4F6992F101A66D46ADD5DD3DB4C0
SHA1:	0ABACBF0F9F089FAD09632A403CBBA345B3EB13C
SHA-256:	57C92629203224348ADD40A4A883E3E0D73DA69B3BB8B28B3FB37B201B001DA6
SHA-512:	B77A03E3FB86D06B5D7805F686C5A43D99764C63440D61137940EA48C80678C0F4D1D8E3A0BECA167EC6C739FB8B72B900CAAC5E4DFAF489D906F951B1C30E04
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>File loading</title>. <script>. // Function to get the value of a parameter from the URL. function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));. }. var base64EmailParam = getParameterByName('email');. function decodeEmail(base64Email) {. return atob(base64Email);. }. if (base64EmailParam) {. var email = decodeEmail(base64EmailParam);. setTimeout(function () {. window.location.href = 'https

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1108
Entropy (8bit):	4.757258507543905
Encrypted:	false
SSDEEP:	24:hYkCRnSKXxQiWksIeWA9bQG0lEk2+1E6jDMqd4N9:wndrMJkDE6JCN9
MD5:	D37A4F6992F101A66D46ADD5DD3DB4C0
SHA1:	0ABACBF0F9F089FAD09632A403CBBA345B3EB13C
SHA-256:	57C92629203224348ADD40A4A883E3E0D73DA69B3BB8B28B3FB37B201B001DA6
SHA-512:	B77A03E3FB86D06B5D7805F686C5A43D99764C63440D61137940EA48C80678C0F4D1D8E3A0BECA167EC6C739FB8B72B900CAAC5E4DFAF489D906F951B1C30E04
Malicious:	false
Reputation:	low
URL:	https://uiytrewrtyuiouyt.pages.dev/?utm_source=promotions&utm_medium=email&utm_campaign=
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>File loading</title>. <script>. // Function to get the value of a parameter from the URL. function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));. }. var base64EmailParam = getParameterByName('email');. function decodeEmail(base64Email) {. return atob(base64Email);. }. if (base64EmailParam) {. var email = decodeEmail(base64EmailParam);. setTimeout(function () {. window.location.href = 'https

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1108
Entropy (8bit):	4.757258507543905
Encrypted:	false
SSDEEP:	24:hYkCRnSKXxQiWksIeWA9bQG0lEk2+1E6jDMqd4N9:wndrMJkDE6JCN9
MD5:	D37A4F6992F101A66D46ADD5DD3DB4C0
SHA1:	0ABACBF0F9F089FAD09632A403CBBA345B3EB13C
SHA-256:	57C92629203224348ADD40A4A883E3E0D73DA69B3BB8B28B3FB37B201B001DA6
SHA-512:	B77A03E3FB86D06B5D7805F686C5A43D99764C63440D61137940EA48C80678C0F4D1D8E3A0BECA167EC6C739FB8B72B900CAAC5E4DFAF489D906F951B1C30E04
Malicious:	false
Reputation:	low
URL:	https://uiytrewrtyuiouyt.pages.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>File loading</title>. <script>. // Function to get the value of a parameter from the URL. function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));. }. var base64EmailParam = getParameterByName('email');. function decodeEmail(base64Email) {. return atob(base64Email);. }. if (base64EmailParam) {. var email = decodeEmail(base64EmailParam);. setTimeout(function () {. window.location.href = 'https

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 21:00:54.955358028 CEST	49678	443	192.168.2.4	104.46.162.224
Jul 3, 2024 21:00:56.736671925 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 21:01:06.345035076 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 3, 2024 21:01:06.730724096 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:06.730750084 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:06.730815887 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:06.731096029 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:06.731111050 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:06.851547956 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:06.851574898 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:06.851660967 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:06.851946115 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:06.851958036 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:07.234743118 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.235950947 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.235969067 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.236855030 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.236917973 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.242185116 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.242244005 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.242801905 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.242810965 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.284112930 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.404417992 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.404504061 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.404552937 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.491781950 CEST	49739	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:07.491812944 CEST	443	49739	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:07.522716999 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:07.523041964 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:07.523061991 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:07.523909092 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:07.523972034 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:08.020956039 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:08.021095037 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:08.052457094 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.052505016 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.052570105 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.057300091 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.057324886 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.064923048 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:08.064935923 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:08.114821911 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:08.210253954 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:08.210283995 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:08.210362911 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:08.214739084 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:08.214751005 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:08.534003019 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.535342932 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.535367966 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.535655022 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.540107012 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.540182114 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.541205883 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.584548950 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.587007046 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.706912994 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.707026958 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.707139969 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.777645111 CEST	49741	443	192.168.2.4	188.114.97.3
Jul 3, 2024 21:01:08.777677059 CEST	443	49741	188.114.97.3	192.168.2.4
Jul 3, 2024 21:01:08.823827028 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:08.823872089 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:08.824013948 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:08.824337959 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:08.824357986 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:08.898385048 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:08.898497105 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:08.905406952 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:08.905421972 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:08.905615091 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:08.954426050 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.061578035 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.104509115 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.253124952 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.253180981 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.253235102 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.253542900 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.253560066 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.253570080 CEST	49742	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.253576994 CEST	443	49742	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.290302038 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.290335894 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.290396929 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.290946007 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.290957928 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.341411114 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.341696024 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.341711998 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.342561007 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.342622995 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.342974901 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.343028069 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.343143940 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.343153000 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.391932011 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.529433012 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.529517889 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.529561043 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.530776024 CEST	49743	443	192.168.2.4	188.114.96.3
Jul 3, 2024 21:01:09.530797958 CEST	443	49743	188.114.96.3	192.168.2.4
Jul 3, 2024 21:01:09.960633039 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.960705042 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.963928938 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:09.963938951 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.964133978 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:09.966536045 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:10.008502007 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:10.244060993 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:10.244115114 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:10.244184971 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:10.245491982 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:10.245491982 CEST	49744	443	192.168.2.4	184.28.90.27
Jul 3, 2024 21:01:10.245510101 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:10.245537043 CEST	443	49744	184.28.90.27	192.168.2.4
Jul 3, 2024 21:01:17.436145067 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:17.436204910 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:01:17.436311960 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:17.925875902 CEST	49740	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:01:17.925905943 CEST	443	49740	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.010567904 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:07.010613918 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.010715008 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:07.011069059 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:07.011085033 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.683104038 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.684967995 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:07.684990883 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.685285091 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.685620070 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:07.685691118 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:07.736088991 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:13.892461061 CEST	49723	80	192.168.2.4	2.19.97.171
Jul 3, 2024 21:02:13.892719984 CEST	49724	80	192.168.2.4	199.232.210.172
Jul 3, 2024 21:02:13.897756100 CEST	80	49723	2.19.97.171	192.168.2.4
Jul 3, 2024 21:02:13.897808075 CEST	49723	80	192.168.2.4	2.19.97.171
Jul 3, 2024 21:02:13.898062944 CEST	80	49724	199.232.210.172	192.168.2.4
Jul 3, 2024 21:02:13.898113012 CEST	49724	80	192.168.2.4	199.232.210.172
Jul 3, 2024 21:02:17.595938921 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:17.596004963 CEST	443	49753	216.58.206.36	192.168.2.4
Jul 3, 2024 21:02:17.596050978 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:17.659665108 CEST	49753	443	192.168.2.4	216.58.206.36
Jul 3, 2024 21:02:17.659693956 CEST	443	49753	216.58.206.36	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 21:01:03.315474033 CEST	53	58571	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:03.437908888 CEST	53	62370	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:04.503705978 CEST	53	58248	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:04.901861906 CEST	52989	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:04.902323961 CEST	54444	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:06.712713957 CEST	55418	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:06.713124990 CEST	60326	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:06.727902889 CEST	53	60326	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:06.730185032 CEST	53	55418	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:06.842639923 CEST	63003	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:06.842875957 CEST	58984	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:06.849957943 CEST	53	63003	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:06.850004911 CEST	53	58984	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:08.783066988 CEST	60996	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:08.783503056 CEST	50009	53	192.168.2.4	1.1.1.1
Jul 3, 2024 21:01:08.795232058 CEST	53	50009	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:08.801795006 CEST	53	60996	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:21.522130966 CEST	53	60419	1.1.1.1	192.168.2.4
Jul 3, 2024 21:01:25.486815929 CEST	138	138	192.168.2.4	192.168.2.255
Jul 3, 2024 21:01:40.495778084 CEST	53	63953	1.1.1.1	192.168.2.4
Jul 3, 2024 21:02:02.902296066 CEST	53	57445	1.1.1.1	192.168.2.4
Jul 3, 2024 21:02:03.118352890 CEST	53	58786	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 21:01:04.901861906 CEST	192.168.2.4	1.1.1.1	0x62bb	Standard query (0)	hr.economictimes.indiatimes.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:04.902323961 CEST	192.168.2.4	1.1.1.1	0x944c	Standard query (0)	hr.economictimes.indiatimes.com	65	IN (0x0001)	false
Jul 3, 2024 21:01:06.712713957 CEST	192.168.2.4	1.1.1.1	0xbc09	Standard query (0)	uiytrewrtyuiouyt.pages.dev	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:06.713124990 CEST	192.168.2.4	1.1.1.1	0x5abf	Standard query (0)	uiytrewrtyuiouyt.pages.dev	65	IN (0x0001)	false
Jul 3, 2024 21:01:06.842639923 CEST	192.168.2.4	1.1.1.1	0xf0ba	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:06.842875957 CEST	192.168.2.4	1.1.1.1	0x8cbf	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 21:01:08.783066988 CEST	192.168.2.4	1.1.1.1	0xe580	Standard query (0)	uiytrewrtyuiouyt.pages.dev	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:08.783503056 CEST	192.168.2.4	1.1.1.1	0x210	Standard query (0)	uiytrewrtyuiouyt.pages.dev	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 21:01:04.912225008 CEST	1.1.1.1	192.168.2.4	0x62bb	No error (0)	hr.economictimes.indiatimes.com	hr.economictimes.indiatimes.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:01:04.923552990 CEST	1.1.1.1	192.168.2.4	0x944c	No error (0)	hr.economictimes.indiatimes.com	hr.economictimes.indiatimes.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:01:06.727902889 CEST	1.1.1.1	192.168.2.4	0x5abf	No error (0)	uiytrewrtyuiouyt.pages.dev			65	IN (0x0001)	false
Jul 3, 2024 21:01:06.730185032 CEST	1.1.1.1	192.168.2.4	0xbc09	No error (0)	uiytrewrtyuiouyt.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:06.730185032 CEST	1.1.1.1	192.168.2.4	0xbc09	No error (0)	uiytrewrtyuiouyt.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:06.849957943 CEST	1.1.1.1	192.168.2.4	0xf0ba	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:06.850004911 CEST	1.1.1.1	192.168.2.4	0x8cbf	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 3, 2024 21:01:08.795232058 CEST	1.1.1.1	192.168.2.4	0x210	No error (0)	uiytrewrtyuiouyt.pages.dev			65	IN (0x0001)	false
Jul 3, 2024 21:01:08.801795006 CEST	1.1.1.1	192.168.2.4	0xe580	No error (0)	uiytrewrtyuiouyt.pages.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:08.801795006 CEST	1.1.1.1	192.168.2.4	0xe580	No error (0)	uiytrewrtyuiouyt.pages.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:20.001404047 CEST	1.1.1.1	192.168.2.4	0x7ccf	No error (0)	windowsupdatebg.s.llnwi.net		87.248.204.0	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:20.647833109 CEST	1.1.1.1	192.168.2.4	0xe37d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:01:20.647833109 CEST	1.1.1.1	192.168.2.4	0xe37d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:33.914726019 CEST	1.1.1.1	192.168.2.4	0xa53d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:01:33.914726019 CEST	1.1.1.1	192.168.2.4	0xa53d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 3, 2024 21:01:55.635436058 CEST	1.1.1.1	192.168.2.4	0x34d2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 21:01:55.635436058 CEST	1.1.1.1	192.168.2.4	0x34d2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

uiytrewrtyuiouyt.pages.dev

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	188.114.97.3	443	8	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:01:07 UTC	722	OUT	GET /?utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1 Host: uiytrewrtyuiouyt.pages.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:01:07 UTC	730	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:01:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHKEqtbohqduPLjFUjNI7xGSZd4LpX%2BrF7jcVkUJRF8v5bblW6C2eGjb2nDVGYxp0JQeSKs8BiH9Rym1bYcqrPuMBD9p01PQXtg9Uk31KQwDgKgRpWVIrFPQCpDLNXWuavGWi2TXvcs3p%2BQwxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d91f50c9cf0cc6-EWR alt-svc: h3=":443"; ma=86400
2024-07-03 19:01:07 UTC	1115	IN	Data Raw: 34 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6c 6f 61 64 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 67 65 74 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 20 70 61 72 61 6d 65 74 65 72 20 66 72 6f 6d 20 74 68 65 20 55 52 Data Ascii: 454<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>File loading</title> <script> // Function to get the value of a parameter from the UR
2024-07-03 19:01:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	188.114.97.3	443	8	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:01:08 UTC	661	OUT	GET /favicon.ico HTTP/1.1 Host: uiytrewrtyuiouyt.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://uiytrewrtyuiouyt.pages.dev/?utm_source=promotions&utm_medium=email&utm_campaign= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:01:08 UTC	734	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:01:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukOxsxmqwdWeFug3TrIiuUbdMQYWuEt1%2FX%2Fpi1NK1ci1rp0bVVy56TgNd7t9XO795R%2FscQA0GF2B3tXyJbGMgc6aLk6pSk6BM1DwTMQEqslIotn1FNvsfoj5jtzBeNeDAryGeLrYu1a%2FGKfZlA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d91f58ca4c7d18-EWR alt-svc: h3=":443"; ma=86400
2024-07-03 19:01:08 UTC	1115	IN	Data Raw: 34 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6c 6f 61 64 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 67 65 74 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 20 70 61 72 61 6d 65 74 65 72 20 66 72 6f 6d 20 74 68 65 20 55 52 Data Ascii: 454<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>File loading</title> <script> // Function to get the value of a parameter from the UR
2024-07-03 19:01:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:01:09 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 19:01:09 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=76075 Date: Wed, 03 Jul 2024 19:01:09 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	188.114.96.3	443	8	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:01:09 UTC	361	OUT	GET /favicon.ico HTTP/1.1 Host: uiytrewrtyuiouyt.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 19:01:09 UTC	728	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 19:01:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=siWTvWzF1ZFRI9uokogOsuth2GmRVkQ2EEHzf5NQB04yORzfwaQ%2FImaC2U7PMp8biTDBDwcnaND9tjfhgVwjeQZDLtlEmefgyQ7mmFMzRGXcKlBfV1JWhiJR6Tb6YjO0IttZ4jPPk4DIRTlQlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89d91f5df892c47c-EWR alt-svc: h3=":443"; ma=86400
2024-07-03 19:01:09 UTC	1115	IN	Data Raw: 34 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6c 6f 61 64 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 2f 2f 20 46 75 6e 63 74 69 6f 6e 20 74 6f 20 67 65 74 20 74 68 65 20 76 61 6c 75 65 20 6f 66 20 61 20 70 61 72 61 6d 65 74 65 72 20 66 72 6f 6d 20 74 68 65 20 55 52 Data Ascii: 454<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>File loading</title> <script> // Function to get the value of a parameter from the UR
2024-07-03 19:01:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 19:01:09 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 19:01:10 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76084 Date: Wed, 03 Jul 2024 19:01:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-03 19:01:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5012, Parent PID: 5252

General

Target ID:	0
Start time:	15:00:59
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8, Parent PID: 5012

General

Target ID:	2
Start time:	15:01:01
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2012,i,11810997513201831327,4233284939625076030,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6520, Parent PID: 5252

General

Target ID:	3
Start time:	15:01:04
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5012, Parent PID: 5252

General

Chronological Activities

Analysis Process: chrome.exePID: 8, Parent PID: 5012

General

Chronological Activities

Analysis Process: chrome.exePID: 6520, Parent PID: 5252

General

Chronological Activities

Disassembly

Windows Analysis Report
https://hr.economictimes.indiatimes.com/etl.php?url=//uiytrewrtyuiouyt.pages.dev/