Windows Analysis Report
https://thehitchhouse.pages.dev/

Overview

General Information

Sample URL:	https://thehitchhouse.pages.dev/
Analysis ID:	1432426
Infos:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

Yara detected HtmlPhish44

Yara detected HtmlPhish7

Yara detected obfuscated html page

Phishing site detected (based on image similarity)

Phishing site or detected (based on various text indicators)

HTML body contains password input but no form action

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://thehitchhouse.pages.dev/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://thehitchhouse.pages.dev/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://thehitchhouse.pages.dev/css/hover.css	Avira URL Cloud: Label: phishing
Source: https://thehitchhouse.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for submitted file

Source: https://thehitchhouse.pages.dev/

Virustotal: Detection: 25%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_87, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED
Source: Yara match	File source: dropped/chromecache_70, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected obfuscated html page

Source: Yara match	File source: dropped/chromecache_87, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED
Source: Yara match	File source: dropped/chromecache_70, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://thehitchhouse.pages.dev/

Matcher: Found strong image similarity, combo hit

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.0

OCR Text: Adobe Document Cloud Because you are accessing sensitive info, you need to verify your email and password. Sign in with Gmail Sign in with Outlook Sign in with AOI Sign in with Office365 Sign in with Yahoo! o Sign in with Other Mail Go to your all file anywhere on any device, and share them with anyone. One Drive your shared document in one cloud. OneDrive 2024

HTML body contains password input but no form action

Source: https://thehitchhouse.pages.dev/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://thehitchhouse.pages.dev/

HTTP Parser: <input type="password" .../> found

Source: https://thehitchhouse.pages.dev/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=58901-58901If-Range: "264c7f54ba1f83e2ed1f66bf4a0ff555"
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: thehitchhouse.pages.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=W%2BUMUxSJyhaKgZBlOkOoA%2Fg5jP%2FO6QUKmoPRZqbgobyTJdbmEho1MOl8AIuW68v0EbtmWq0PG7Q%2F7EA9mIfIb5KJRCXVL4sMbghYsNZTCyyw1JaWqjOJxQj9rmIvPwl73bu9w16MRt5AAQ%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 437Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_83.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_69.2.dr, chromecache_86.2.dr, chromecache_79.2.dr, chromecache_72.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_69.2.dr, chromecache_86.2.dr, chromecache_79.2.dr, chromecache_72.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_88.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: chromecache_90.2.dr, chromecache_71.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_90.2.dr, chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_64.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_64.2.dr	String found in binary or memory: https://kit.fontawesome.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@16/50@20/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2528,i,11816134302333208419,13545766224281690287,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thehitchhouse.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2528,i,11816134302333208419,13545766224281690287,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.66.46.224	thehitchhouse.pages.dev	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.251.41.4	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
thehitchhouse.pages.dev	172.66.46.224	true
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.2.137	true
cdnjs.cloudflare.com	104.17.25.14	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.google.com	142.251.41.4	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
ka-f.fontawesome.com	unknown	unknown
kit.fontawesome.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high
https://a.nel.cloudflare.com/report/v4?s=cFS6PEbHJfqCevtbhIsAYlrmapvoDTS%2F1DFGi3pqp8CcknyRqA8528nJjb%2BjhlD3ZFaL3lS9au5JJOHbBHarN5KQ40d2ZWmcDr7PzrLdo8clL8pWGrL6kiOSF4TYxbliBs2xFZns5aojTw%3D%3D	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://thehitchhouse.pages.dev/css/hover.css	false	Avira URL Cloud: phishing	unknown
https://thehitchhouse.pages.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://thehitchhouse.pages.dev/	true		unknown
https://a.nel.cloudflare.com/report/v4?s=W%2BUMUxSJyhaKgZBlOkOoA%2Fg5jP%2FO6QUKmoPRZqbgobyTJdbmEho1MOl8AIuW68v0EbtmWq0PG7Q%2F7EA9mIfIb5KJRCXVL4sMbghYsNZTCyyw1JaWqjOJxQj9rmIvPwl73bu9w16MRt5AAQ%3D%3D	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 64	ASCII text, with very long lines (11461)	55D343A40C7166A79FD314F13CBB2E93	96904A849C32CA220E0AAA2AE3E81CF2B5CDF764	A1F75D6278713A84A8F28A392C77CA8A6A7C32BF14314D4A34A6CE2F06CFDF7A
Chrome Cache Entry: 65	PNG image data, 253 x 218, 8-bit/color RGBA, non-interlaced	EC9CBC1048239B3927AD0276FC983019	17C27C038644BDB141381B606C7C94A177C07326	F8A8CF4F1928938C796E2F35F8C21B0D510D4E3F16E016EE83D1F206F8EBDE14
Chrome Cache Entry: 66	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	A5CDADD60382E9AE6228121542EB1C2A	CEC15F6470D0237569E931D7D11752B41AC5D8A3	71E729939E175F4AE9D3FCC645D6B7389EC341A47A84950E047197331FDC22F1
Chrome Cache Entry: 67	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 68	HTML document, ASCII text, with very long lines (65462), with CRLF line terminators	357162723FBFD655A92559E75779D6E2	1281D1FB41B6A71E9A2C35B750DA2EC5A6A99469	C1F2BEF1973C646FF7F135399BB79C680CC97273C1D1A39807E2A6FFF7493CA1
Chrome Cache Entry: 69	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 70	HTML document, ASCII text, with very long lines (65462), with CRLF line terminators	357162723FBFD655A92559E75779D6E2	1281D1FB41B6A71E9A2C35B750DA2EC5A6A99469	C1F2BEF1973C646FF7F135399BB79C680CC97273C1D1A39807E2A6FFF7493CA1
Chrome Cache Entry: 71	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 72	ASCII text, with very long lines (60130)	A12EC7EBE75A4D59A5DD6B79E2BA2E16	28F5DCC595EE6D4163481EF64170180502C8629B	FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
Chrome Cache Entry: 73	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 74	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
Chrome Cache Entry: 75	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
Chrome Cache Entry: 76	PNG image data, 151 x 151, 8-bit/color RGBA, non-interlaced	4458CD0A6DF7DEABDFF0B99BD5905EC9	45A8B436D07D7ED7973B87A1C393D6973AFE6FB5	AAD24ED5F36320964C515B9889CB2943BBF830B40703999AD3976FCE8176E554
Chrome Cache Entry: 77	PNG image data, 151 x 151, 8-bit/color RGBA, non-interlaced	4458CD0A6DF7DEABDFF0B99BD5905EC9	45A8B436D07D7ED7973B87A1C393D6973AFE6FB5	AAD24ED5F36320964C515B9889CB2943BBF830B40703999AD3976FCE8176E554
Chrome Cache Entry: 78	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	9CFA8C18FD226F29D38A8272C04C5F23	811E2D3C8806D07F6927A891856C051894C5A339	13414930ADEB5DB9B7A8E396BE2AEADF2BE6EB7AA9A768876BAE79CBDDF01AB5
Chrome Cache Entry: 79	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 80	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 81	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
Chrome Cache Entry: 82	PNG image data, 253 x 218, 8-bit/color RGBA, non-interlaced	EC9CBC1048239B3927AD0276FC983019	17C27C038644BDB141381B606C7C94A177C07326	F8A8CF4F1928938C796E2F35F8C21B0D510D4E3F16E016EE83D1F206F8EBDE14
Chrome Cache Entry: 83	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 84	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 85	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
Chrome Cache Entry: 86	ASCII text, with very long lines (26500)	76F34B71FC9FB641507FF6A822CC07F5	73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4	6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
Chrome Cache Entry: 87	HTML document, ASCII text, with very long lines (65462), with CRLF line terminators	357162723FBFD655A92559E75779D6E2	1281D1FB41B6A71E9A2C35B750DA2EC5A6A99469	C1F2BEF1973C646FF7F135399BB79C680CC97273C1D1A39807E2A6FFF7493CA1
Chrome Cache Entry: 88	ASCII text	7BE6170E0A828586DA13D24BD8B5DF5B	0B0A3446427EE7B5D707435A5910949A0CF4D33D	2BC55CCCEF92CA55D0D6FA4FC66BF1064EC6B35D8BCD2B75EB561DEA0F4BBE72
Chrome Cache Entry: 89	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	A5CDADD60382E9AE6228121542EB1C2A	CEC15F6470D0237569E931D7D11752B41AC5D8A3	71E729939E175F4AE9D3FCC645D6B7389EC341A47A84950E047197331FDC22F1
Chrome Cache Entry: 90	ASCII text, with very long lines (65325)	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
Chrome Cache Entry: 91	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 92	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 93	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	9CFA8C18FD226F29D38A8272C04C5F23	811E2D3C8806D07F6927A891856C051894C5A339	13414930ADEB5DB9B7A8E396BE2AEADF2BE6EB7AA9A768876BAE79CBDDF01AB5

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://thehitchhouse.pages.dev/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://thehitchhouse.pages.dev/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://thehitchhouse.pages.dev/css/hover.css	Avira URL Cloud: Label: phishing
Source: https://thehitchhouse.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for submitted file

Source: https://thehitchhouse.pages.dev/

Virustotal: Detection: 25%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: dropped/chromecache_87, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED
Source: Yara match	File source: dropped/chromecache_70, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected obfuscated html page

Source: Yara match	File source: dropped/chromecache_87, type: DROPPED
Source: Yara match	File source: dropped/chromecache_68, type: DROPPED
Source: Yara match	File source: dropped/chromecache_70, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://thehitchhouse.pages.dev/

Matcher: Found strong image similarity, combo hit

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.0

HTML body contains password input but no form action

Source: https://thehitchhouse.pages.dev/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://thehitchhouse.pages.dev/

HTTP Parser: <input type="password" .../> found

Source: https://thehitchhouse.pages.dev/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.184.112
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://thehitchhouse.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Range: bytes=58901-58901If-Range: "264c7f54ba1f83e2ed1f66bf4a0ff555"
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thehitchhouse.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thehitchhouse.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: thehitchhouse.pages.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com

Source: unknown

Source: chromecache_83.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_69.2.dr, chromecache_86.2.dr, chromecache_79.2.dr, chromecache_72.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_69.2.dr, chromecache_86.2.dr, chromecache_79.2.dr, chromecache_72.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_88.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: chromecache_90.2.dr, chromecache_71.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_90.2.dr, chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_71.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_64.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_64.2.dr	String found in binary or memory: https://kit.fontawesome.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.184.112:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@16/50@20/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2528,i,11816134302333208419,13545766224281690287,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://thehitchhouse.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2528,i,11816134302333208419,13545766224281690287,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1432426
Product:	CloudBasic
Start time:	02:00:24
Start date:	27.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://thehitchhouse.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://thehitchhouse.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://thehitchhouse.pages.dev/