Windows Analysis Report
https://url.uk.m.mimecastprotect.com/s/r06pCLv4mSmE7ORSBfNCyUvN-?domain=clicktracking.yellowbook.com/

Overview

General Information

Sample URL: https://url.uk.m.mimecastprotect.com/s/r06pCLv4mSmE7ORSBfNCyUvN-?domain=clicktracking.yellowbook.com/
Analysis ID: 1522479

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
HTML body contains low number of good links
HTML title does not match URL

Classification

Phishing

Source: https://security-uk.m.mimecastprotect.com/ttpwp/?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w#/enrollment?key=7f171171-6be5-3c2e-9b8e-8571492e5caa LLM: Score: 7 Reasons: The URL 'security-uk.m.mimecastprotect.com' does not match the legitimate domain 'intersnackgroup.com'., The domain 'mimecastprotect.com' is associated with Mimecast, a known email security service provider, which could be legitimate if used for security purposes., The subdomain 'security-uk.m' and the presence of 'mimecastprotect' suggest it could be a security-related service, but it is not directly associated with Intersnack's primary domain., The use of a third-party domain for email input fields is suspicious unless verified as a legitimate security service. DOM: 2.0.pages.csv
Source: https://security-uk.m.mimecastprotect.com/ttpwp/?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w#/enrollment?key=7f171171-6be5-3c2e-9b8e-8571492e5caa HTTP Parser: Number of links: 0
Source: https://security-uk.m.mimecastprotect.com/ttpwp/?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w#/enrollment?key=7f171171-6be5-3c2e-9b8e-8571492e5caa HTTP Parser: Title: Intersnack TTP Web Portal does not match URL
Source: https://security-uk.m.mimecastprotect.com/ttpwp/?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w#/enrollment?key=7f171171-6be5-3c2e-9b8e-8571492e5caa HTTP Parser: No <meta name="author".. found
Source: https://security-uk.m.mimecastprotect.com/ttpwp/?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w#/enrollment?key=7f171171-6be5-3c2e-9b8e-8571492e5caa HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /s/r06pCLv4mSmE7ORSBfNCyUvN-?domain=clicktracking.yellowbook.com/ HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /r/ofkwqtl0sc-hJgXIcV3JNqlFzxd9F3tXQzsjUBaaGuuR0DiczYofULGqG_gyAP_qo3_YPVWx9TwzyDY2bLK3Rr14XvqFyFnk8OxOctpabXzFkOQMKkwXBEUj1yNCQhTn--0GQyx3oCCaFzXQ-yoIWKLbfCvVKDElG1TUTb7iVEx7tYpLVjrE1pWQfCWzGRBPGQUkgeNAwKL3yUD2Pa4L_PQ5C0572KYALUqNeoZ_pcB1Nb7TR_cwdhhko7G0SC9Z-keyLK_2N8xAmu42Uc1NO3U0qsydNESHIxdNU6y95aRXTOJbfKgVb0pyTY97kwDcXtK9ji5WVLlNMGLBuFJZXN8n7ZOaVya3Oek_cHBv3Klh8xShNmrCZU_6JU9zxkGPh52qZkP5KQeGTqgzdF7zAW542x2uAGfDc05CYS9ktQ28aswxqDLD_NOyO6fNH6WXwoXC5X-dQfVIZXRGUWAZlreueH9MmWNFxhMOW9ZTO71qU-yZXxUfkYnugmp1hHLdGU96pqwhux52mHTzCewvTo0-q6Kvm4Q2iBfNLzuNbAER2d0nX5Bm_4zWOFBTej3Vgi5w8f3fRpW9g7T-A-gLHPtgcI8M9LV9hmTqrBNcJYXPOQsN3_7yOwG4H6SVB49ByXJ5OqNxWPl3YCJl08jxvjmg4KjA-elCmMMoY-4syM8hJmU9r2He1TELqCL3M9yTmRrV7CY9ycaZNsqfhNzqyjg-kNNNgt1NAktUbsWE6Hy-5DCiJOl-l5czU-JEwpa8l6PPx-WtAsr-jvtQkVvc0sEYYm_Nu9i7dAQ3q60dtyhPw9AczbFsS8jB4UYomhutaorYznO852TZv3dPoC541Q9NAGJ2yYgw6TFx3gBralwJYd4LLecpoT9NH65HMy668T4XgYBM8Gdq0MZNF_6-K4Oxa8_indipsNjvDC0DTO98oz2ItMTUijeIEeuBm51xbpqgz0dygnnvgzGEh5317QYC3FbTrZCIU7fKwUg0k5gXYXLqN45U3Xn5bnvqjf15i40969SeDhsVE3dUNcHEEkz5IxLJGEpq3K2SQWjwVYvowainhXkJatuFzTcumjVOhmgHaOFQ0Zifi_woCiNyORXpPndXjOWY3POZkeLEVfp7ZCfh_3Dy-AnnI4_X6n3oHJT92FcpancLK5Uo_bU6hj_FwrSwidj65FyITAJ7in0hQi77mR96gKrdwPRUuWfUAY28Zi4OkRxFfbzrpXWDPqo7CzYwr4_nOKr6-a34N51r6GDvRZnVmNA_0KTs9vC_R6BWG9n8A8mlvWck3OZjSbfJEBYlEMY-shvBPc_thvAH457PA6rGdZD_MoFDtdnA0tjV6MCekPsaMfR20Yb1Kb2rRzD-TU1UO1mY0eubHxZatwviJPO0LZFRYk2o36gK1b64IdASxYjJ4CRVm-4-xb7yO_s2_tSO5iAelgNr9N7k_hEOaVHF4pvuU_sHvrYTDawm16BPulHPNim1BErsL3f5SD43A90U9Kx2yYvdE8Bpz-5FSO40XYrFAvFhc9olT7PHwvO6bArftUfz7Zdti603Lulr3Okg7Qcee7kWq_bBPQJpuQyZPZcCOf9P7My-3Ec4ZKMepw-kadvVa7Zjn0IkOgDq8UKA3o8aSwgjdH9lW0v8yBGJ7dXWGDgO0K0mrrXBYdqtDXnmHSSLlYsmbd80-JfzEsPHq9-xwr28iSygyeTsnHUGYfTKoRoD5_Q1SO84GHTC8eHmD6WDmhAlOTYwYpmwIB8eIDBYGm_XGCK3Fe6ji7BwT-sl1QMyqKQ27PGkkjoFcRqFSbFzEkXgeqa2_VSEAUNXHSTIsGWQMXsigmo4d92XsUf6aTx10DVLvl3zo9IDSdZxeIC42XEvdud6CA5V_Gl_Mv1gVzek6Ca0Ga6PE9NcEC6RGszAiJVlDPR_-9OWSADkE816N0QE5nQELw3
8bKxiCw_QinEo4hBEQasID31zhpLmkHBoYoMSHLRF_hkRFXbFnXjzVkAnEz7d1GTQMjzdxPXHVZQ2UzYUBzsvG5VhFinKsAg6zTar8JOxtPebQYZ264JldYIc7wcMPcsON3MusnrhCWYEt1MPqzyuavoH-yp0z6_1s7xS-ts_DVOMelpllr6SKyIQSWC2tXbny8nFVobd9Tmep37xvWVut6V59LZVuTGLojX9BDU_d1FLvBnMyAC8pHMY-4o4u883hhUWTx1mQMLEV_d3CdH6ZMRQ34ME-dv9lliV2qv48mtjHbwY1wNJyKIttTn9tyDP4c_laBwc3swzJq72d2qRDIoDIyKvpBpJTNtEJ1JooPPHUVlI5HzP2KYyCFZzYOqiuWU6PRJWC5BsF6lqAs1ZurPBRlQUQ58WzNvChE26zGyzw6wHlqmxNvWFyBAryRQ1KMgBRyWe337SJMuJNypjs-Uzcdg9SIgedifzf9c7a4236S9RjTry96Y_P9pxSA7NsLcmJSBgTc9qtla3YUtBDQfGPggYMfncAC2fTDecWZFFkLdkkV7q7flFsS9E4SXvIKu3FB1x7e7Ch7q7t-L_NOFtLYi7AGzUc8jwNuYrdUCxTQDe-eii3PGWvw HTTP/1.1Host: url.uk.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: na
Source: global traffic HTTP traffic detected: GET /ttpwp?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/81f15691c8e13abeef2b9606ac8f301ee5b26dd1/style.css?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w&originalContextPath=ttpwp HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-uk.m.mimecastprotect.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-uk.m.mimecastprotect.com/ttpwp?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7wAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-uk.m.mimecastprotect.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-uk.m.mimecastprotect.com/ttpwp?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7wAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, */*Content-Type: application/jsonx-context-route: ttpwpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/81f15691c8e13abeef2b9606ac8f301ee5b26dd1/main-page-logo.png?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w&originalContextPath=ttpwp HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/mimecastlogo@2x.png HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/mimecastlogo@2x.png HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/81f15691c8e13abeef2b9606ac8f301ee5b26dd1/main-page-logo.png?tkn=3.oLd3rhcdaN5iJRshRhexMTAQcLvFS0rcHXyG7-4JTZtDZkP9k0kZhNVwhq1qISKW6X7917WgQq0KRgxFPqAbD7PGvItFoiRtHaxccInLNxwtPQxoGXih61GdrYdk0CSDen40FyAxQWY6eINSLiOk2D0ZRX_xGTs-nlabFp45DSXrdc-PCKHiDmqViIaCaPbl.7jFMsSODCqrQqxMKlS6b7w&originalContextPath=ttpwp HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-uk.m.mimecastprotect.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: url.uk.m.mimecastprotect.com
Source: global traffic DNS traffic detected: DNS query: security-uk.m.mimecastprotect.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 30 Sep 2024 06:48:54 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closex-content-type-options: nosniffx-xss-protection: 1; mode=blockx-frame-options: SAMEORIGINReferrer-Policy: no-referrerX-Robots-Tag: noindex, nofollowStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Vary: Accept-Encoding
Source: chromecache_71.2.dr String found in binary or memory: http://www.mimecast.com/
Source: chromecache_71.2.dr String found in binary or memory: https://community.mimecast.com/docs/DOC-241
Source: classification engine Classification label: mal48.phis.win@16/34@8/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2024,i,17619125482257120158,7670211923122109498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.uk.m.mimecastprotect.com/s/r06pCLv4mSmE7ORSBfNCyUvN-?domain=clicktracking.yellowbook.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected