Windows Analysis Report
http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php

Overview

General Information

Sample URL: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php
Analysis ID: 1521671
Tags: openphish
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
HTML body with high number of embedded images detected

Classification

AV Detection

Source: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php SlashNext: detection malicious, Label: Credential Stealing, type: Phishing & Social Engineering
Source: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php HTTP Parser: Total embedded image size: 23220
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 23:06:26 GMT Content-Type: text/css Content-Length: 5122 Connection: keep-alive Last-Modified: Sun, 24 Mar 2024 18:02:36 GMT ETag: "44e2-6146bdca32700-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /wp-admin/css/colors/blue/am/3dsece.php HTTP/1.1 Host: support-inc-riccardopulcini733255.codeanyapp.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/css/colors/blue/am/infos_files/styles.572738d2b631b3d66c72.css HTTP/1.1 Host: support-inc-riccardopulcini733255.codeanyapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,*/*;q=0.1 Referer: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/css/colors/blue/am/infos_files/logo-amendes-gouv.svg HTTP/1.1 Host: support-inc-riccardopulcini733255.codeanyapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/css/colors/blue/am/infos_files/banner.f9855031892baad8a497.svg HTTP/1.1 Host: support-inc-riccardopulcini733255.codeanyapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Referer: http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/infos_files/styles.572738d2b631b3d66c72.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-admin/css/colors/blue/am/infos_files/logo-amendes-gouv.svg HTTP/1.1 Host: support-inc-riccardopulcini733255.codeanyapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: support-inc-riccardopulcini733255.codeanyapp.com
Source: global traffic DNS traffic detected: DNS query: www.amendes.gouv.fr
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Sat, 28 Sep 2024 23:06:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://support-inc-riccardopulcini733255.codeanyapp.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: openresty Date: Sat, 28 Sep 2024 23:06:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://support-inc-riccardopulcini733255.codeanyapp.com/wp-json/>; rel="https://api.w.org/"
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: classification engine Classification label: mal48.win@20/12@10/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2036,i,17593328324825855044,3341751566864348682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2036,i,17593328324825855044,3341751566864348682,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://support-inc-riccardopulcini733255.codeanyapp.com/wp-admin/css/colors/blue/am/3dsece.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Confirm
Source: Window Recorder Window detected: More than 3 window changes detected