Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
LLM: Score: 10 Reasons: HTML file with login form DOM: 0.1.pages.csv |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html# |
LLM: Score: 10 Reasons: HTML file with login form DOM: 7.2.pages.csv |
Source: Yara match |
File source: 7.2.pages.csv, type: HTML |
Source: Yara match |
File source: 0.1.pages.csv, type: HTML |
Source: Swift_ach Complaints.sppgCQDM.html |
HTTP Parser: Low number of body elements: 0 |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
Tab title: Sign in to your account |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html# |
Tab title: Sign in to your account |
Source: file:// |
Matcher: Template: microsoft matched with high similarity |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
Matcher: Found strong image similarity, brand: MICROSOFT |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
Matcher: Template: microsoft matched |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html# |
Matcher: Template: microsoft matched |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: Number of links: 0 |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: Title: Sign in to your account does not match URL |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: Invalid link: Privacy statement |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: Has password / email / username input fields |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: <input type="password" .../> found |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: No favicon |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: No favicon |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: No <meta name="author".. found |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: No <meta name="copyright".. found |
Source: unknown |
HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49757 version: TLS 1.0 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49735 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49739 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49746 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:49751 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49760 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:61045 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61046 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61051 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61053 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:61054 version: TLS 1.2 |
Source: global traffic |
TCP traffic: 192.168.2.6:61042 -> 1.1.1.1:53 |
Source: Joe Sandbox View |
IP Address: 104.17.24.14 104.17.24.14 |
Source: Joe Sandbox View |
IP Address: 104.18.10.207 104.18.10.207 |
Source: Joe Sandbox View |
IP Address: 104.18.10.207 104.18.10.207 |
Source: Joe Sandbox View |
IP Address: 13.107.246.44 13.107.246.44 |
Source: Joe Sandbox View |
JA3 fingerprint: 1138de370e523e824bbca92d049a3777 |
Source: Joe Sandbox View |
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: Joe Sandbox View |
JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e |
Source: unknown |
HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49757 version: TLS 1.0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.215.165.89 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.115.3.253 |
Source: global traffic |
HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /attach%2Fbootstrap.min.js HTTP/1.1Host: 6146851516-1323985617.cos.na-ashburn.myqcloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /attach%2Fbootstrap.min.js HTTP/1.1Host: 6146851516-1323985617.cos.na-ashburn.myqcloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BvXoxG2xYpKrKZc&MD=2taWzMF2 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BvXoxG2xYpKrKZc&MD=2taWzMF2 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /6146851516/next.php HTTP/1.1Host: 185.215.165.89Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /6146851516/next.php HTTP/1.1Host: 185.215.165.89Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
DNS traffic detected: DNS query: code.jquery.com |
Source: global traffic |
DNS traffic detected: DNS query: cdnjs.cloudflare.com |
Source: global traffic |
DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com |
Source: global traffic |
DNS traffic detected: DNS query: stackpath.bootstrapcdn.com |
Source: global traffic |
DNS traffic detected: DNS query: 6146851516-1323985617.cos.na-ashburn.myqcloud.com |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: global traffic |
DNS traffic detected: DNS query: aadcdn.msftauth.net |
Source: unknown |
HTTP traffic detected: POST /6146851516/next.php HTTP/1.1Host: 185.215.165.89Connection: keep-aliveContent-Length: 13User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: nullAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 64 6f 3d 75 73 65 72 2d 63 68 65 63 6b Data Ascii: do=user-check |
Source: chromecache_156.2.dr, chromecache_155.2.dr |
String found in binary or memory: http://opensource.org/licenses/MIT). |
Source: chromecache_145.2.dr, chromecache_158.2.dr |
String found in binary or memory: https://getbootstrap.com) |
Source: chromecache_154.2.dr, chromecache_150.2.dr |
String found in binary or memory: https://getbootstrap.com/) |
Source: chromecache_154.2.dr, chromecache_150.2.dr, chromecache_145.2.dr, chromecache_158.2.dr |
String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE) |
Source: chromecache_154.2.dr, chromecache_150.2.dr, chromecache_145.2.dr, chromecache_158.2.dr |
String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors) |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49672 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61054 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61048 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61051 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49738 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49737 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49735 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61045 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61052 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49726 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49735 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49723 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49760 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61051 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61052 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49760 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61046 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61045 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61046 |
Source: unknown |
Network traffic detected: HTTP traffic on port 61053 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49757 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61048 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49738 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49757 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49726 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61053 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 61054 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49737 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49735 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49739 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49746 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:49751 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49760 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:61045 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61046 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61051 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:61053 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:61054 version: TLS 1.2 |
Source: Name includes: Swift_ach Complaints.sppgCQDM.html |
Initial sample: swift |
Source: classification engine |
Classification label: mal84.phis.winHTML@33/27@26/15 |
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Swift_ach Complaints.sppgCQDM.html" |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,14075110715521736204,1099939863701450736,262144 /prefetch:8 |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1944,i,14075110715521736204,1099939863701450736,262144 /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |
HTTP Parser: file:///C:/Users/user/Desktop/Swift_ach%20Complaints.sppgCQDM.html |