Windows Analysis Report
http://143.198.34.238/login

Overview

General Information

Sample URL:	http://143.198.34.238/login
Analysis ID:	1592011
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious URL

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suricata IDS alerts with low severity for network traffic

Classification

Signatures

Phishing

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected IP in URL: http://143.198.34.238

HTML title does not match URL

Source: http://143.198.34.238/login

HTTP Parser: Title: Data Driven Stories does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: http://143.198.34.238/login

HTTP Parser: Has password / email / username input fields

Source: http://143.198.34.238/login

HTTP Parser: <input type="password" .../> found

Source: http://143.198.34.238/login	HTTP Parser: No <meta name="author".. found
Source: http://143.198.34.238/login	HTTP Parser: No <meta name="author".. found

Source: http://143.198.34.238/login	HTTP Parser: No <meta name="copyright".. found
Source: http://143.198.34.238/login	HTTP Parser: No <meta name="copyright".. found

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:49900 -> 143.198.34.238:80
Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:49822 -> 143.198.34.238:80
Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:50005 -> 143.198.34.238:80

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238

Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/css/7795c05b04346f32.css HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/webpack-fac0fa64469bd0d7.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/fd9d1056-b3a8d9cf9e5ca59d.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/472-4a4ed842288fadc9.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/main-app-ce281d8555633725.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/layout-4cb945740f1cd4c3.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/749-a816bf4d35855418.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/page-a2f2fce6d057afb6.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/webpack-fac0fa64469bd0d7.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/media/img.bc2fb686.png HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://143.198.34.238/_next/static/css/7795c05b04346f32.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/749-a816bf4d35855418.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/page-a2f2fce6d057afb6.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/main-app-ce281d8555633725.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/layout-4cb945740f1cd4c3.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/472-4a4ed842288fadc9.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/fd9d1056-b3a8d9cf9e5ca59d.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/media/img.bc2fb686.png HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /api/auth/callback/credentials HTTP/1.1Host: 143.198.34.238Connection: keep-aliveContent-Length: 180User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: http://143.198.34.238Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238Data Raw: 65 6d 61 69 6c 3d 61 69 31 62 75 35 25 34 30 6c 69 6d 71 6e 70 2e 6e 65 74 26 70 61 73 73 77 6f 72 64 3d 4b 25 35 44 25 32 34 25 32 35 25 34 30 31 75 25 32 39 42 62 25 33 46 25 33 42 62 57 54 26 72 65 64 69 72 65 63 74 3d 66 61 6c 73 65 26 63 61 6c 6c 62 61 63 6b 55 72 6c 3d 25 32 46 26 63 73 72 66 54 6f 6b 65 6e 3d 33 65 61 38 39 35 32 33 37 34 65 65 36 31 66 66 37 39 32 63 32 33 66 39 61 39 64 39 33 39 37 62 30 65 37 62 31 62 34 35 31 30 36 35 30 64 33 34 61 35 66 30 31 62 65 64 61 66 63 36 66 34 38 33 26 6a 73 6f 6e 3d 74 72 75 65 Data Ascii: email=ai1bu5%40limqnp.net&password=K%5D%24%25%401u%29Bb%3F%3BbWT&redirect=false&callbackUrl=%2F&csrfToken=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483&json=true

Source: chromecache_65.4.dr, chromecache_81.4.dr	String found in binary or memory: http://143.198.34.238/api/auth/callback/credentials
Source: chromecache_65.4.dr, chromecache_81.4.dr	String found in binary or memory: http://143.198.34.238/api/auth/signin/credentials
Source: chromecache_69.4.dr, chromecache_61.4.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707

Source: classification engine

Classification label: sus21.win@16/39@2/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2204,i,2226652115409909841,90686907704941654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://143.198.34.238/login"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2204,i,2226652115409909841,90686907704941654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
143.198.34.238	unknown	United States	15557	LDCOMNETFR	true

Private

IP
192.168.2.7
192.168.2.4

Contacted Domains

Name	IP	Active
www.google.com	142.250.186.36	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://143.198.34.238/api/auth/providers	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/472-4a4ed842288fadc9.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/login	false		unknown
http://143.198.34.238/_next/static/chunks/main-app-ce281d8555633725.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/fd9d1056-b3a8d9cf9e5ca59d.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/app/login/page-a2f2fce6d057afb6.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/media/img.bc2fb686.png	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/app/login/layout-4cb945740f1cd4c3.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/api/auth/callback/credentials	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/749-a816bf4d35855418.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/api/auth/csrf	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/chunks/webpack-fac0fa64469bd0d7.js	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/favicon.ico	true	Avira URL Cloud: safe	unknown
http://143.198.34.238/_next/static/css/7795c05b04346f32.css	true	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 57	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	C30C7D42707A47A3F4591831641E50DC	9ECFCC8F0EAD0BF3D2D7C39E084B88F41CC89A2E	2B8AD2D33455A8F736FC3A8EBF8F0BDEA8848AD4C0DB48A2833BD0F9CD775932
Chrome Cache Entry: 58	gzip compressed data, from Unix, original size modulo 2^32 171776	D1EC47570346D17FF967576EBFD826F0	DC770DD04135DAA72CAF4991F511851BD6B8D8C9	DD9DEAEDBEBE54CAC8EBB5788C56D0054A50563E0106DA02E39D0124AF9D1D39
Chrome Cache Entry: 59	gzip compressed data, from Unix, original size modulo 2^32 5047	100568AFFA02B456AAC486CA3134FACF	C7863E50A91E47FB67C05696CAD01C68D5F68F8F	AE366C77FAD4BC76F9C29CB73F6544E83AB83D504218B338F4A6B3FE6A155F17
Chrome Cache Entry: 60	gzip compressed data, from Unix, original size modulo 2^32 41830	0F62AF10ED5F6863E70199846FC4F9B2	8497791440215E0E43A54146619AA0C8040DBA5C	4BEC700E8335F48B50334ED2A71B54D284AD4771EB8FE95432A05F1C1DEAFFC2
Chrome Cache Entry: 61	PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced	9443351AC2287F0FAF23BA0E05509665	D5EC1F5A0F8E816564A3B2190682AF5B4DF47914	BF3DCA54AEE0516DB54848E0ACB8086E7D50F58B6B004745886B0651BFDFD076
Chrome Cache Entry: 62	gzip compressed data, from Unix, original size modulo 2^32 4613	D8592BBABE902B0E10C83789B0DCC7A9	BCC4CF8CFBA2B741A0592484C2FD07F664305A95	DA3B59B7CCD18ECC5FBCFCF9A54A3C3833553CC14E139953F11B5EB1C0B3131F
Chrome Cache Entry: 63	gzip compressed data, from Unix, original size modulo 2^32 8179	307FC5FB96526D15A1685DA08B8B6450	A6CEB84C759B238D400526BFC4795E226B4BE41C	FACCF491EE81E1DF26CBD22915082F5539FF6648A70B88C5A769B791FB04B332
Chrome Cache Entry: 64	JSON data	711F2B974358469668897686B586D48B	1AFB74D1FD3DE6E51D478635A871A5CFB1B90E98	424336C22BAE637A56AF7D4B7DB101F278BD588C59A9467CAEAD0E1F09F785AC
Chrome Cache Entry: 65	JSON data	C8DE9ED8EFB224AFF13747D96C627AC6	4FD3F4C2FF3B87BFF7C9FB83F63E086C743A1431	43BFD26998D5D6B33E635533F679EEE503B70862C3781DE68B5BAF2A7B5F8B7C
Chrome Cache Entry: 66	ASCII text, with very long lines (508), with no line terminators	C54DEF9FB916B3346215559481C97088	EAF31BAAEE901358F4F185DE5A94BE166C3F9509	6971437160E24BEF15431EC581F76E899248477C11F77A993AAAFA32B44D8CBF
Chrome Cache Entry: 67	gzip compressed data, from Unix, original size modulo 2^32 4613	D8592BBABE902B0E10C83789B0DCC7A9	BCC4CF8CFBA2B741A0592484C2FD07F664305A95	DA3B59B7CCD18ECC5FBCFCF9A54A3C3833553CC14E139953F11B5EB1C0B3131F
Chrome Cache Entry: 68	gzip compressed data, from Unix, original size modulo 2^32 4895	9BBA11E6CBD622F65DD1C4EB548B9576	D85DAB50841D3F03C3DB1EB7250D9BB6800AFDB5	04D145DE77C563CD76FFD2AAC85CB3353B890E9AF54BAD87EBC10C1F301DB0EA
Chrome Cache Entry: 69	PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced	9443351AC2287F0FAF23BA0E05509665	D5EC1F5A0F8E816564A3B2190682AF5B4DF47914	BF3DCA54AEE0516DB54848E0ACB8086E7D50F58B6B004745886B0651BFDFD076
Chrome Cache Entry: 70	gzip compressed data, from Unix, original size modulo 2^32 5047	100568AFFA02B456AAC486CA3134FACF	C7863E50A91E47FB67C05696CAD01C68D5F68F8F	AE366C77FAD4BC76F9C29CB73F6544E83AB83D504218B338F4A6B3FE6A155F17
Chrome Cache Entry: 71	gzip compressed data, from Unix, original size modulo 2^32 124947	1681F14CD9A2C9E0A4F5CFA3E10A4D46	ECB50FD243E34DB5EB86124D73B3E743D255EF7B	AB8E0EAE79807A9E84607471335C8F64CE5E18A0AA4D8D498A763EAF9319274F
Chrome Cache Entry: 72	gzip compressed data, from Unix, original size modulo 2^32 41830	0F62AF10ED5F6863E70199846FC4F9B2	8497791440215E0E43A54146619AA0C8040DBA5C	4BEC700E8335F48B50334ED2A71B54D284AD4771EB8FE95432A05F1C1DEAFFC2
Chrome Cache Entry: 73	gzip compressed data, from Unix, original size modulo 2^32 4895	9BBA11E6CBD622F65DD1C4EB548B9576	D85DAB50841D3F03C3DB1EB7250D9BB6800AFDB5	04D145DE77C563CD76FFD2AAC85CB3353B890E9AF54BAD87EBC10C1F301DB0EA
Chrome Cache Entry: 74	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 75	gzip compressed data, from Unix, original size modulo 2^32 28637	CE9BBD5FA856DA941F71EF341922C464	ADF7736B727A59F4CF0D2F46E464D465BB8767A6	0741330DBAD9E4233B41D6BC642EFAA38B72F1C8E91C25360305980892CF3C6D
Chrome Cache Entry: 76	gzip compressed data, from Unix, original size modulo 2^32 171776	D1EC47570346D17FF967576EBFD826F0	DC770DD04135DAA72CAF4991F511851BD6B8D8C9	DD9DEAEDBEBE54CAC8EBB5788C56D0054A50563E0106DA02E39D0124AF9D1D39
Chrome Cache Entry: 77	gzip compressed data, from Unix, original size modulo 2^32 124947	1681F14CD9A2C9E0A4F5CFA3E10A4D46	ECB50FD243E34DB5EB86124D73B3E743D255EF7B	AB8E0EAE79807A9E84607471335C8F64CE5E18A0AA4D8D498A763EAF9319274F
Chrome Cache Entry: 78	ASCII text, with very long lines (508), with no line terminators	C54DEF9FB916B3346215559481C97088	EAF31BAAEE901358F4F185DE5A94BE166C3F9509	6971437160E24BEF15431EC581F76E899248477C11F77A993AAAFA32B44D8CBF
Chrome Cache Entry: 79	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	C30C7D42707A47A3F4591831641E50DC	9ECFCC8F0EAD0BF3D2D7C39E084B88F41CC89A2E	2B8AD2D33455A8F736FC3A8EBF8F0BDEA8848AD4C0DB48A2833BD0F9CD775932
Chrome Cache Entry: 80	JSON data	711F2B974358469668897686B586D48B	1AFB74D1FD3DE6E51D478635A871A5CFB1B90E98	424336C22BAE637A56AF7D4B7DB101F278BD588C59A9467CAEAD0E1F09F785AC
Chrome Cache Entry: 81	JSON data	C8DE9ED8EFB224AFF13747D96C627AC6	4FD3F4C2FF3B87BFF7C9FB83F63E086C743A1431	43BFD26998D5D6B33E635533F679EEE503B70862C3781DE68B5BAF2A7B5F8B7C

Phishing

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected IP in URL: http://143.198.34.238

HTML title does not match URL

Source: http://143.198.34.238/login

HTTP Parser: Title: Data Driven Stories does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Source: http://143.198.34.238/login

HTTP Parser: Has password / email / username input fields

Source: http://143.198.34.238/login

HTTP Parser: <input type="password" .../> found

Source: http://143.198.34.238/login	HTTP Parser: No <meta name="author".. found
Source: http://143.198.34.238/login	HTTP Parser: No <meta name="author".. found

Source: http://143.198.34.238/login	HTTP Parser: No <meta name="copyright".. found
Source: http://143.198.34.238/login	HTTP Parser: No <meta name="copyright".. found

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:49900 -> 143.198.34.238:80
Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:49822 -> 143.198.34.238:80
Source: Network traffic	Suricata IDS: 2828824 - Severity 1 - ETPRO PHISHING Suspicious HTTP Credential Post to IP Address - Possible Successful Phish : 192.168.2.7:50005 -> 143.198.34.238:80

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238
Source: unknown	TCP traffic detected without corresponding DNS query: 143.198.34.238

Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/css/7795c05b04346f32.css HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/webpack-fac0fa64469bd0d7.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/fd9d1056-b3a8d9cf9e5ca59d.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/472-4a4ed842288fadc9.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/main-app-ce281d8555633725.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveOrigin: http://143.198.34.238User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/layout-4cb945740f1cd4c3.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/749-a816bf4d35855418.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/page-a2f2fce6d057afb6.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/webpack-fac0fa64469bd0d7.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/media/img.bc2fb686.png HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://143.198.34.238/_next/static/css/7795c05b04346f32.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/749-a816bf4d35855418.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/page-a2f2fce6d057afb6.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/main-app-ce281d8555633725.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/app/login/layout-4cb945740f1cd4c3.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/472-4a4ed842288fadc9.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/chunks/fd9d1056-b3a8d9cf9e5ca59d.js HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_next/static/media/img.bc2fb686.png HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Referer: http://143.198.34.238/loginAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/providers HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F
Source: global traffic	HTTP traffic detected: GET /api/auth/csrf HTTP/1.1Host: 143.198.34.238Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: next-auth.csrf-token=3ea8952374ee61ff792c23f9a9d9397b0e7b1b4510650d34a5f01bedafc6f483%7C854649e981c245d11b4f16f07e4ce13f81cc24068a13006f352beba00fda8b9a; next-auth.callback-url=http%3A%2F%2F143.198.34.238%2F

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: unknown

Source: chromecache_65.4.dr, chromecache_81.4.dr	String found in binary or memory: http://143.198.34.238/api/auth/callback/credentials
Source: chromecache_65.4.dr, chromecache_81.4.dr	String found in binary or memory: http://143.198.34.238/api/auth/signin/credentials
Source: chromecache_69.4.dr, chromecache_61.4.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707

Source: classification engine

Classification label: sus21.win@16/39@2/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2204,i,2226652115409909841,90686907704941654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://143.198.34.238/login"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2204,i,2226652115409909841,90686907704941654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1592011
Product:	CloudBasic
Start time:	16:40:00
Start date:	15.01.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://143.198.34.238/login

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://143.198.34.238/login

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://143.198.34.238/login