Windows Analysis Report
https://pp-verificadisicurezza.it/

Overview

General Information

Sample URL:	https://pp-verificadisicurezza.it/
Analysis ID:	1417322
Infos:

Detection

PayPal Phisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected PayPal Phisher

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pp-verificadisicurezza.it/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://pp-verificadisicurezza.it/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://pp-verificadisicurezza.it/asset/contextualLoginElementalUI.css	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/asset/modernizr-2.6.1.js.download	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/jquery-3.5.1.min.js	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/logo.png	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/logo2.png	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

Yara detected PayPal Phisher

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://pp-verificadisicurezza.it/

Matcher: Found strong image similarity, brand: PAYPAL

Phishing site detected (based on logo match)

Source: https://pp-verificadisicurezza.it/	Matcher: Template: paypal matched
Source: https://pp-verificadisicurezza.it/	Matcher: Template: paypal matched

HTML body contains low number of good links

Source: https://pp-verificadisicurezza.it/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://pp-verificadisicurezza.it/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://pp-verificadisicurezza.it/

HTTP Parser: Title: PPal does not match URL

Invalid T&C link found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali

Source: https://pp-verificadisicurezza.it/

HTTP Parser: <input type="password" .../> found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /asset/contextualLoginElementalUI.css HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /asset/modernizr-2.6.1.js.download HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo2.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo2.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /paypal-ui/fonts/PayPalSansBig-Regular.woff2 HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /paypal-ui/fonts/PayPalSansBig-Medium.woff2 HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/i/consumer/onboarding/sprite_form_2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Light.woff HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/i/consumer/onboarding/sprite_form_2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pp-verificadisicurezza.it

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeDate: Thu, 28 Mar 2024 23:16:05 GMTServer: Apache

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@16/29@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,7436487368452426476,12642597055219543241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pp-verificadisicurezza.it/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,7436487368452426476,12642597055219543241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.31.106	www.google.com	United States	15169	GOOGLEUS	false
151.101.130.133	paypal.map.fastly.net	United States	54113	FASTLYUS	false
217.160.0.233	pp-verificadisicurezza.it	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.2.133	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
paypal.map.fastly.net	151.101.130.133	true
www.google.com	142.250.31.106	true
pp-verificadisicurezza.it	217.160.0.233	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
www.paypalobjects.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff	false		high
https://pp-verificadisicurezza.it/asset/modernizr-2.6.1.js.download	false	Avira URL Cloud: phishing	unknown
https://www.paypalobjects.com/webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Light.woff	false		high
https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2	false		high
https://pp-verificadisicurezza.it/jquery-3.5.1.min.js	false	Avira URL Cloud: phishing	unknown
https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png	false		high
https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2	false		high
https://pp-verificadisicurezza.it/logo.png	false	Avira URL Cloud: phishing	unknown
https://pp-verificadisicurezza.it/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://pp-verificadisicurezza.it/	true		unknown
https://pp-verificadisicurezza.it/logo2.png	false	Avira URL Cloud: phishing	unknown
https://pp-verificadisicurezza.it/asset/contextualLoginElementalUI.css	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 51	Web Open Font Format, TrueType, length 47339, version 1.0	20F0F192DE040EDC17E47E61752E142F	713967BABDEFBC54DCEACB052776C67527AADA22	AE79DCC3EB016922CAA1D095CFD936446BC65A46BB3364B242DFC556F7E3C6A8
Chrome Cache Entry: 52	HTML document, Unicode text, UTF-8 text, with very long lines (583)	0782EE710C1D8E22CC981429B70A7F14	79EDE7429EA4FCBFFFA7F6B9BDA6EDC283156186	A4350658EFAD40568C6CEDFDF1C9D1801250F4E2DCC1C91D40AF4CCB94C45E60
Chrome Cache Entry: 53	Web Open Font Format, TrueType, length 46703, version 1.0	75DADB2E9D1D569B0320C420826E0E27	8BD7FFDC044DBDF5CADDE1CC790522FEEACF40A4	843E67AD522A908162007F4B7601819A5BBFEF00E38AC7AEC778766DA8B7B2AB
Chrome Cache Entry: 54	PNG image data, 48 x 1350, 8-bit colormap, non-interlaced	E976D5F77AF3247B2BC93EBABCC56D28	EBA66DA15CCD4C966187473F5AE82D1E1115F429	71B7B6197C430CD00E8CF4D1A72AE8217A5047F1DEFFD80F2AFFA7CC21B2B08C
Chrome Cache Entry: 55	PNG image data, 48 x 1350, 8-bit colormap, non-interlaced	E976D5F77AF3247B2BC93EBABCC56D28	EBA66DA15CCD4C966187473F5AE82D1E1115F429	71B7B6197C430CD00E8CF4D1A72AE8217A5047F1DEFFD80F2AFFA7CC21B2B08C
Chrome Cache Entry: 56	PNG image data, 640 x 640, 8-bit/color RGBA, non-interlaced	B1C4022ABA2457BEC56A7CCD156CCC82	158DB9D9F77FEB05BD76711E7799414726F39965	0F3865CC6457D894803208CF37A85C77316B841D42A27D054826E416C9404349
Chrome Cache Entry: 57	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 58	ASCII text, with no line terminators	442D5D4F736F476CE897C0E17DF5E508	0F27A2EE7BDC5393FBA6A7058BDE009C16FEA433	AEDCDB6B4F5FDB69488E44FF71B6062EF66BCF825D7459CEF8178613719E1FCD
Chrome Cache Entry: 59	Web Open Font Format (Version 2), TrueType, length 18508, version 1.6553	57518C06C06D691BD2DEF8D51DB1F1C2	DAB349042885997D8D08DB8DC38D0B4907635E2E	2AE6779C6C3579643AB6DEB5CFB822E843BF637D006A4EC25D9857EC7FB6D8C1
Chrome Cache Entry: 60	HTML document, ASCII text, with very long lines (3807), with no line terminators	A635A55DDB6339A3D0D01C641F670753	A6DEE4A1DF6C51B82CE2E67323514E7DE4E165D4	A6C3BFF965978DF8093C3A29F7071C21D7439A212AF41E7B40CE70D94D6BCC44
Chrome Cache Entry: 61	PNG image data, 640 x 640, 8-bit/color RGBA, non-interlaced	B1C4022ABA2457BEC56A7CCD156CCC82	158DB9D9F77FEB05BD76711E7799414726F39965	0F3865CC6457D894803208CF37A85C77316B841D42A27D054826E416C9404349
Chrome Cache Entry: 62	PNG image data, 109 x 108, 8-bit/color RGBA, non-interlaced	0945B9897ED56B0FA23657A498E95CBB	A2E7DFAEE066F87974260DF7DB70E31ED083F6CD	F94BBCDC85550617CE6A1A0A7FBBAC21916203913DFC34F3D964C26C6F289A16
Chrome Cache Entry: 63	Web Open Font Format (Version 2), CFF, length 25368, version 1.6553	186B9E5BE0671C3C941A2A4966BEB47A	0255BF2F48460EB212C93242740F5BEF01E858C4	1F70FF447ED799A34F4C3AE37EF1F49ED4AF71123BA2C2AEFE354565354284BE
Chrome Cache Entry: 64	ASCII text, with very long lines (65536), with no line terminators	F955847D72FD5D05F67C2B1C1149D754	F361A049F83F89318DC70625F8E423F5240100F3	01D22D817734AF994105EC6AB2A7C0682792B9360D81A5F6F80171E7D78F5E89
Chrome Cache Entry: 65	PNG image data, 109 x 108, 8-bit/color RGBA, non-interlaced	0945B9897ED56B0FA23657A498E95CBB	A2E7DFAEE066F87974260DF7DB70E31ED083F6CD	F94BBCDC85550617CE6A1A0A7FBBAC21916203913DFC34F3D964C26C6F289A16
Chrome Cache Entry: 66	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pp-verificadisicurezza.it/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://pp-verificadisicurezza.it/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://pp-verificadisicurezza.it/asset/contextualLoginElementalUI.css	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/asset/modernizr-2.6.1.js.download	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/jquery-3.5.1.min.js	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/logo.png	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/logo2.png	Avira URL Cloud: Label: phishing
Source: https://pp-verificadisicurezza.it/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

Yara detected PayPal Phisher

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://pp-verificadisicurezza.it/

Matcher: Found strong image similarity, brand: PAYPAL

Phishing site detected (based on logo match)

Source: https://pp-verificadisicurezza.it/	Matcher: Template: paypal matched
Source: https://pp-verificadisicurezza.it/	Matcher: Template: paypal matched

HTML body contains low number of good links

Source: https://pp-verificadisicurezza.it/

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://pp-verificadisicurezza.it/

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://pp-verificadisicurezza.it/

HTTP Parser: Title: PPal does not match URL

Invalid T&C link found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Privacy
Source: https://pp-verificadisicurezza.it/	HTTP Parser: Invalid link: Accordi legali

Source: https://pp-verificadisicurezza.it/

HTTP Parser: <input type="password" .../> found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No favicon

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="author".. found

Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found
Source: https://pp-verificadisicurezza.it/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 96.16.24.155
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.38
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.5.1.min.js HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /asset/contextualLoginElementalUI.css HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /asset/modernizr-2.6.1.js.download HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo2.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo2.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /logo.png HTTP/1.1Host: pp-verificadisicurezza.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: COOKIE_KEY=171166776395
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Regular.woff HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /paypal-ui/fonts/PayPalSansBig-Regular.woff2 HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /paypal-ui/fonts/PayPalSansBig-Medium.woff2 HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/i/consumer/onboarding/sprite_form_2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/mktg/2014design/font/PP-Sans/PayPalSansSmall-Light.woff HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pp-verificadisicurezza.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pp-verificadisicurezza.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstatic/i/consumer/onboarding/sprite_form_2x.png HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pp-verificadisicurezza.it

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeDate: Thu, 28 Mar 2024 23:16:05 GMTServer: Apache

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.16.24.155:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@16/29@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,7436487368452426476,12642597055219543241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pp-verificadisicurezza.it/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,7436487368452426476,12642597055219543241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1417322
Product:	CloudBasic
Start time:	00:15:12
Start date:	29.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://pp-verificadisicurezza.it/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://pp-verificadisicurezza.it/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://pp-verificadisicurezza.it/