Windows Analysis Report
http://aktifkaan-paylaterss4.resmi-ak3.xyz/

Overview

General Information

Sample URL: http://aktifkaan-paylaterss4.resmi-ak3.xyz/
Analysis ID: 1637971
Infos:
Errors
  • URL not reachable

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Performs DNS queries to domains with low reputation

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://aktifkaan-paylaterss4.resmi-ak3.xyz/ Avira URL Cloud: detection malicious, Label: phishing

Networking
barindex
Performs DNS queries to domains with low reputation
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: aktifkaan-paylaterss4.resmi-ak3.xyz
Source: global traffic DNS traffic detected: DNS query: google.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine Classification label: mal52.troj.win@20/0@18/2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,7968972125858442703,7151089821387546046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2148 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aktifkaan-paylaterss4.resmi-ak3.xyz/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2120,i,7968972125858442703,7151089821387546046,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2148 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1637971 URL: http://aktifkaan-paylaterss... Startdate: 14/03/2025 Architecture: WINDOWS Score: 52 15 aktifkaan-paylaterss4.resmi-ak3.xyz 2->15 26 Antivirus / Scanner detection for submitted sample 2->26 7 chrome.exe 2->7         started        10 chrome.exe 2->10         started        signatures3 28 Performs DNS queries to domains with low reputation 15->28 process4 dnsIp5 17 192.168.2.4, 443, 49708, 49726 unknown unknown 7->17 12 chrome.exe 7->12         started        process6 dnsIp7 19 aktifkaan-paylaterss4.resmi-ak3.xyz 12->19 22 www.google.com 172.217.16.196, 443, 49726, 49727 GOOGLEUS United States 12->22 24 google.com 12->24 signatures8 30 Performs DNS queries to domains with low reputation 19->30
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.16.196
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
google.com 172.217.16.142 true
www.google.com 172.217.16.196 true
aktifkaan-paylaterss4.resmi-ak3.xyz unknown unknown