| Source: https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/random.bby/inpoxqhfiww/gmail.com/ozwunijponqp8 |
Avira URL Cloud: detection malicious, Label: malware |
| Source: Email |
Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://Saic.anastaclooverseas.com |
| Source: unknown |
HTTPS traffic detected: 40.126.53.18:443 -> 192.168.2.16:49699 version: TLS 1.2 |
| Source: unknown |
HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.16:49713 version: TLS 1.2 |
| Source: unknown |
HTTPS traffic detected: 23.52.182.8:443 -> 192.168.2.16:49715 version: TLS 1.2 |
| Source: unknown |
HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49714 version: TLS 1.2 |
| Source: unknown |
HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49725 version: TLS 1.2 |
| Source: |
Binary string: _.Pdb=function(a,b,c){var d=0,e=function(){d=0};return function(f){d||(d=_.ba.setTimeout(e,b),a.apply(c,arguments))}};_.Qdb=function(a,b){return arguments.length==2?function(c){return _.zd(c,a)==b}:function(c){return _.Hd(c,a)}};_.Rdb=function(a){return a instanceof _.Cg?a.el():a};_.Sdb=function(a,b){switch(_.YNa(b)){case 1:a.dir!=="ltr"&&(a.dir="ltr");break;case -1:a.dir!=="rtl"&&(a.dir="rtl");break;default:a.removeAttribute("dir")}};_.Hr=function(a,b){b.prototype.JS||(b.prototype.JS={});a&&(_.ue.getInstance().register(a,b),b.Il=function(c,d,e){var f=new _.Usa(d,e,b);return _.ila(c,b,f).map(function(g){Jdb(g,f.oa);return g})})};_.Ir=function(a){_.Hr(void 0,a)}; source: chromecache_62.1.dr, chromecache_60.1.dr |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
HTTP traffic: Redirect from: saic.anastaclooverseas.com to https://google.com/ |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.53.18 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 192.229.211.108 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 20.189.173.10 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 23.52.182.8 |
| Source: unknown |
TCP traffic detected without corresponding DNS query: 172.202.163.200 |
| Source: global traffic |
HTTP traffic detected: GET /zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/random.bby/inpoxqhfiww/gmail.com/ozwunijponqp8 HTTP/1.1Host: saic.anastaclooverseas.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
| Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=p1zYxg5evY6hENT&MD=FNBpXYgN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
| Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
| Source: global traffic |
HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.OgBVQ9b8hgU.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEGAngUAYAGAXIEAAAAAAAAYAAAAgAAIAAAAAGABUAAAAAAAABACAAgACAAoAAACBUQAAICADgBKABABAACgIAEAAQAAggAwaAlEBiAIAAAAAAAAAEAAAADAEgEAAgA6AADAARAIAIHogAAAAAIAgAICZABgCBiAAAAAAAACADAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAgAKA/d=1/ed=1/br=1/rs=ACT90oFr81bXyZW_m8tv0lZMRLMnWXBrzQ/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WAw6rJEjvUr0YAAlkmW8hsc6BQMQkCoWogN1lWbAwuW1A5UbnnYA; NID=519=nUHdRg09WXghUkdCvMMQ2Mfx9sUrQVSJyH5TzPIhV74JXcqZfhBewV0a-H2AY7aWOt9ZczNVs5YEViKDfcn77RaEWOIkG0vZgQMsoWU_ZRkkzUw4HStmzAhueE-_adOzhDzc6IKJbQvGYVfbflmV-tYfhEAbUlmI_NKfAWyFaVzf_ZnW_juPZjeGZ_j69Ha9q8b4J8Q4iQ |
| Source: global traffic |
HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WAw6rJEjvUr0YAAlkmW8hsc6BQMQkCoWogN1lWbAwuW1A5UbnnYA; NID=519=nUHdRg09WXghUkdCvMMQ2Mfx9sUrQVSJyH5TzPIhV74JXcqZfhBewV0a-H2AY7aWOt9ZczNVs5YEViKDfcn77RaEWOIkG0vZgQMsoWU_ZRkkzUw4HStmzAhueE-_adOzhDzc6IKJbQvGYVfbflmV-tYfhEAbUlmI_NKfAWyFaVzf_ZnW_juPZjeGZ_j69Ha9q8b4J8Q4iQ |
| Source: global traffic |
HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.Lpk8bIFU8vI.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAIAggCAIAgAAAAAAWAAAIBgBAAAAAAgAAEADAo0wBQIAIAAAAABAAQABAAACAAAAAQAAAAAAAAEABAAAAAIAAAAAAAAAAABAgAAAAAAAAAAAAQAAAAHoAAAAAAAAAQEAAABgCBiAAAAAAAACgDwCCB2BIYQEAAAAAAAAAAAAAACBAgmAuJKAgAAEAAAAAAAAAAAAAAAAARJq4sAE/d=1/ed=1/dg=3/br=1/rs=ACT90oETls0Ancq4XPXBh_4DdYNFVHT6Tg/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb |
