Windows Analysis Report https://route.gls-france.com:3040/fdk/COV/abRUOflV

Overview

General Information

Sample URL: https://route.gls-france.com:3040/fdk/COV/abRUOflV
Analysis ID: 536236
Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML title does not match URL


Phishing:

HTML title does not match URL
Source: https://gls-group.eu/FR/fr/suivi-colis?match= HTTP Parser: Title: Parcel Tracking | GLS France does not match URL
Source: https://gls-group.eu/FR/fr/suivi-colis?match= HTTP Parser: No <meta name="author".. found
Source: https://gls-group.eu/FR/fr/suivi-colis?match= HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 193.106.225.173:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 193.106.225.173:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: route.gls-france.com
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Wed, 08 Dec 2021 10:37:38 GMT Server: Apache Last-Modified: Thu, 02 Apr 2020 12:28:00 GMT ETag: "13feeb-7b6-5a24dee6f3400" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 870 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: global traffic HTTP traffic detected: GET /FR/fr/suivi-colis?match= HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_2021-vendor_css.css?1638463235494 HTTP/1.1 Accept: text/css, */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_runtime_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_vendor_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_2021-main_css.css?1638463235494 HTTP/1.1 Accept: text/css, */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_common_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_core_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_witt002_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_app_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_icons_social_linkedin_svg.svg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_icons_social_youtube_svg.svg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_wilh001_js.js?1638463235494 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /FR/media/images/freepik.svg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_arrow_top_blue_svg.svg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_polyfills_js.js?1638463235494 HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_regular_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_bold_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_bolditalic_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_lightitalic_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_italic_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /media/gls_group_resources/gls_group_assets/gls_group_newsongls_web_light_woff.woff HTTP/1.1 Accept: */* Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Origin: https://gls-group.eu Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /app/service/open/rest/FR/fr/rslg015?caller=wilh001&millis=1638992219086 HTTP/1.1 Accept: application/json Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /FR/media/images/M5-SUIVI-COLIS-1440X400_M01.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: https://gls-group.eu/FR/fr/suivi-colis?match= Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: gls-group.eu Connection: Keep-Alive Cookie: BIGIP=!/b5Zullf52X+pUC7isbOdZmUI4+maDPTCbBNN6ohZUW98OoLPX40cacKER+pThliqvIxZQh8qHgxvvw=
Source: global traffic HTTP traffic detected: GET /cov/form.php?ZT1QUkFERUwgRlJBTkNFIEhPTUVTVFlMRSZ0PTAwRkhBMDVFJmQ9MjAyMTEyMDYwMDAwMDAmZj0yMDIxMTIwNzA3MzkxOQ== HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: www.gls-france.com
Source: global traffic HTTP traffic detected: GET /cov/unavailable.html HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: www.gls-france.com
Source: global traffic HTTP traffic detected: GET /cov/gls-logo.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Referer: http://www.gls-france.com/cov/unavailable.html Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.gls-france.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: www.gls-france.com Connection: Keep-Alive
Source: suivi-colis[1].htm.2.dr String found in binary or memory: <a href="https://www.linkedin.com/company/gls-france" target="_blank" rel="noopener noreferrer" data-analytics="click" data-analytics-action="LinkedIn" data-analytics-category="link-social-media" > <img src="/media/gls_group_resources/gls_group_assets/gls_group_icons_social_linkedin_svg.svg" alt="LinkedIn" width="24" height="24" /> </a> equals www.linkedin.com (Linkedin)
Source: suivi-colis[1].htm.2.dr String found in binary or memory: <a href="https://www.youtube.com/channel/UCp-IPDFX5NGaLgxwdwAjcrA" target="_blank" rel="noopener noreferrer" data-analytics="click" data-analytics-action="YouTube" data-analytics-category="link-social-media" > <img src="/media/gls_group_resources/gls_group_assets/gls_group_icons_social_youtube_svg.svg" alt="YouTube" width="24" height="24" /> </a> equals www.youtube.com (Youtube)
Source: imagestore.dat.2.dr String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: {264E86BB-585E-11EC-90E9-ECF4BB862DED}.dat.1.dr String found in binary or memory: http://www.gls-france.com/cov/unavailable.html
Source: imagestore.dat.2.dr String found in binary or memory: http://www.gls-france.com/favicon.ico
Source: imagestore.dat.2.dr String found in binary or memory: http://www.gls-france.com/favicon.ico~
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://fr.freepik.com/
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://gls-group.eu/EU/en/home
Source: {264E86BB-585E-11EC-90E9-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://gls-group.eu/F
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://gls-group.eu/FR/fr/envoyer-colis/solutions-pros/flexdeliveryservice
Source: unavailable[1].htm.2.dr, ~DF8009440EB606F4D8.TMP.1.dr String found in binary or memory: https://gls-group.eu/FR/fr/suivi-colis?match=
Source: {264E86BB-585E-11EC-90E9-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://gls-group.eu/FR/fr/suivi-colis?match=~
Source: imagestore.dat.2.dr String found in binary or memory: https://gls-group.eu/favicon.ico
Source: imagestore.dat.2.dr String found in binary or memory: https://gls-group.eu/favicon.ico~
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://recrutement-gls.digitalrecruiters.com/fr
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: imagestore.dat.2.dr String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: imagestore.dat.2.dr String found in binary or memory: https://www.google.com/favicon.ico~
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://www.linkedin.com/company/gls-france
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://www.royalmail.com/
Source: suivi-colis[1].htm.2.dr String found in binary or memory: https://www.youtube.com/channel/UCp-IPDFX5NGaLgxwdwAjcrA
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF94D90A069EEB3CA8.TMP
Source: classification engine Classification label: clean0.win@3/34@3/3
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6872 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: Window Recorder Window detected: More than 3 window changes detected