Windows Analysis Report
https://mychaseexclusive.ru/case?token

Overview

General Information

Sample URL:	https://mychaseexclusive.ru/case?token
Analysis ID:	1502389
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Classification

Signatures

Phishing

Yara detected BlockedWebSite

Source: Yara match

File source: 2.2.pages.csv, type: HTML

HTML page contains hidden javascript code

Source: https://mychaseexclusive.ru/case?token

HTTP Parser: Base64 decoded: 1725158639.000000

Source: https://mychaseexclusive.ru/case?token	HTTP Parser: No favicon
Source: http://mychaseexclusive.ru/case/?token	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:56917 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /case?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /case?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://mychaseexclusive.ru/case?tokenAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js? HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js? HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://mychaseexclusive.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8bc1ea757ae2437f HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /case/?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://mychaseexclusive.ru/case/?tokenAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://mychaseexclusive.ru/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://mychaseexclusive.ru/case/?tokenAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE

Source: global traffic	DNS traffic detected: DNS query: mychaseexclusive.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /case?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveContent-Length: 22sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-Requested-TimeStamp-Expire: sec-ch-ua-mobile: ?0X-Requested-TimeStamp-Combination: X-Requested-Type-Combination: GETContent-type: application/x-www-form-urlencodedX-Requested-Type: GETUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36ZaOHwFApya53RTC4BTqa5t59QUs: 50322854X-Requested-with: XMLHttpRequestX-Requested-TimeStamp: sec-ch-ua-platform: "Windows"Accept: */*Origin: https://mychaseexclusive.ruSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mychaseexclusive.ru/case?tokenAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 01 Sep 2024 02:44:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutablePragma: publicCF-Cache-Status: HITAge: 814140Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldypmoCwgyqJ%2FHVWxHY419f5RqLdMoOKP2p8kXZHnMnhfuFj%2FOvuriyxS9qDPyUNFh2b2nzi4DK2OwNMprh4v9ORGkD3Q7zY6FWCOJrDc%2FZTLX3cUbM%2Bpw4qaDYwSJRQ6xV8Cytz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bc1ea920cd21921-EWRalt-svc: h3=":443"; ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56923
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56924
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@22/10@18/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2036,i,9328697437574807042,17108672982110021698,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mychaseexclusive.ru/case?token"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2036,i,9328697437574807042,17108672982110021698,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.7.89	mychaseexclusive.ru	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
172.67.135.236	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
www.google.com	142.250.185.132	true
mychaseexclusive.ru	104.21.7.89	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mychaseexclusive.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=rxlO9UktNCk1WpZt%2FRaLyVhjO9TyCiJJCa50qqChPRe%2FipDkm8B8exLp0dwMNty1umuPXK0xfftqKtHo3qa6HzvRCxRh9%2F%2FOS1KcFW1ypy33u3haqq%2FnV0XK4JvezsmF9UfwpJIU	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=mdahbD%2FjwG7qm03aphoIs4bAVE42ANheSYBpOhJZMKaukDh3aC6hoM02nvcC%2BuyBuXzk4y3S74v8eiXUsc2dQUdpBPxBvlRWV7vGyVHTmSRB6C2HEyHwhORilGfKhKN9%2Bb%2BvRWup	false	Avira URL Cloud: safe	unknown
http://mychaseexclusive.ru/case/?token	false		unknown
https://mychaseexclusive.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js?	false	Avira URL Cloud: safe	unknown
https://mychaseexclusive.ru/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: safe	unknown
http://mychaseexclusive.ru/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: safe	unknown
http://mychaseexclusive.ru/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: safe	unknown
https://mychaseexclusive.ru/case?token	false		unknown
https://a.nel.cloudflare.com/report/v4?s=ldypmoCwgyqJ%2FHVWxHY419f5RqLdMoOKP2p8kXZHnMnhfuFj%2FOvuriyxS9qDPyUNFh2b2nzi4DK2OwNMprh4v9ORGkD3Q7zY6FWCOJrDc%2FZTLX3cUbM%2Bpw4qaDYwSJRQ6xV8Cytz	false	Avira URL Cloud: safe	unknown
http://mychaseexclusive.ru/favicon.ico	false	Avira URL Cloud: safe	unknown
https://mychaseexclusive.ru/cdn-cgi/challenge-platform/h/g/jsd/r/8bc1ea757ae2437f	false	Avira URL Cloud: safe	unknown
https://mychaseexclusive.ru/favicon.ico	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 106	gzip compressed data, from Unix, original size modulo 2^32 24051	99A8B213866426D482DB5C874E91CFC1	49BFFD206943C4A850376205EE720A87D08CE8CC	D117A3A72EDA86BB4E103C5DAD01F6828F9454E9232CDD763806D57FF6D3DEBE
Chrome Cache Entry: 107	PNG image data, 54 x 54, 8-bit colormap, non-interlaced	C33DE66281E933259772399D10A6AFE8	B9F9D500F8814381451011D4DCF59CD2D90AD94F	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
Chrome Cache Entry: 108	gzip compressed data, from Unix, original size modulo 2^32 4405	060CC8A327AA753B76B628C8A3BEAC83	3D76263F87FB36602219CDE99ED1B8A8E1BA1214	2D59DAF42561A3914CBD79A3B052508D619ED1FE8BF84321EEC079E00A6B1DF2
Chrome Cache Entry: 109	PNG image data, 54 x 54, 8-bit colormap, non-interlaced	C33DE66281E933259772399D10A6AFE8	B9F9D500F8814381451011D4DCF59CD2D90AD94F	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
Chrome Cache Entry: 110	ASCII text, with very long lines (7842), with no line terminators	7E59DE4CCEB036EB0F7985F8AE96F2D5	CCCA549E98BDB990E4D6E34E60C43135051B8486	668872DC768E78F73A76323F587E98C2AFBAFD0B7CE29F79CEA802E029B01E73
Chrome Cache Entry: 111	ASCII text, with very long lines (7847), with no line terminators	2495AC6A87C6E39D7D841C4E0B691490	63D72E347C4928A1F79B6C68AA62EE427150D5A7	0FBF12A9F12492D51D6B1F0B707540BE4BC6E7FA53BBB750F48C960F5C8B6C03

Phishing

Yara detected BlockedWebSite

Source: Yara match

File source: 2.2.pages.csv, type: HTML

HTML page contains hidden javascript code

Source: https://mychaseexclusive.ru/case?token

HTTP Parser: Base64 decoded: 1725158639.000000

Source: https://mychaseexclusive.ru/case?token	HTTP Parser: No favicon
Source: http://mychaseexclusive.ru/case/?token	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:56917 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /case?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /case?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://mychaseexclusive.ru/case?tokenAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js? HTTP/1.1Host: mychaseexclusive.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/e7cf9275f425/main.js? HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://mychaseexclusive.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8bc1ea757ae2437f HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /case/?token HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://mychaseexclusive.ru/case/?tokenAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://mychaseexclusive.ru/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mychaseexclusive.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://mychaseexclusive.ru/case/?tokenAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: BjcNjmN0-Pwccipeh5u98tXumNg=RlMmlDqDAXMD2-sDZQQTD_9Mt2w; vqvcV5FxXiC4lW3fXi-mk7Yniek=1725158636; rGQwSEOPwsEnpuR_hxDoi1LFJeM=1725245036; wEI2HLjHeHotR_BkdPbIlSz3B8Y=sMYomJlrBlmZzSyhoQA_hM4cdKE; NldLEC59kpxzgTjcuFdxCQh5s_s=_5wsorF3p1b651uGRwNr9-nLbuA; kXCmMa_0GiSRnNULyrGxWbTQpY0=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; gSaS8avy_wI_yiRmm2mEqhqzNfw=1725158639; Uk7aT3LVFyyC59E7GXZA4bh_PBs=1725245039; Ry9hFaaXTCPp9EgROrpabb_CLbY=Rt5BjAUrllMrhOMZaImIP9FoQhE

Source: global traffic	DNS traffic detected: DNS query: mychaseexclusive.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

Source: global traffic

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56923
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56924
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@22/10@18/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2036,i,9328697437574807042,17108672982110021698,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mychaseexclusive.ru/case?token"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2036,i,9328697437574807042,17108672982110021698,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1502389
Product:	CloudBasic
Start time:	04:43:04
Start date:	01.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://mychaseexclusive.ru/case?token

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://mychaseexclusive.ru/case?token

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://mychaseexclusive.ru/case?token