Windows Analysis Report
https://mail.valeshia.50-6-170-168.cprapid.com/

Overview

General Information

Sample URL: https://mail.valeshia.50-6-170-168.cprapid.com/
Analysis ID: 1487419
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

AV Detection

barindex
Source: https://mail.valeshia.50-6-170-168.cprapid.com/ Avira URL Cloud: detection malicious, Label: phishing
Source: https://mail.valeshia.50-6-170-168.cprapid.com/ SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering
Source: https://xin.50-6-170-168.cprapid.com/assets/css/add.css Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/additional/502b733210ea3fdd4bf8.woff2 Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/img/favicon-32.png Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/js/custom.js Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/css/login.css Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/additional/2a5dafc68ca015ca866a.woff2 Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/?verify Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/additional/8a6a40a08f92d9a9b3e5.woff2 Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/css/additional.css Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/js/jquery-min.js Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/additional/71371380d08a07cda58a.woff2 Avira URL Cloud: Label: phishing
Source: https://xin.50-6-170-168.cprapid.com/assets/css/login-min.css Avira URL Cloud: Label: phishing
Source: xin.50-6-170-168.cprapid.com Virustotal: Detection: 5% Perma Link
Source: mail.valeshia.50-6-170-168.cprapid.com Virustotal: Detection: 7% Perma Link
Source: https://xin.50-6-170-168.cprapid.com/?verify Virustotal: Detection: 7% Perma Link
Source: https://mail.valeshia.50-6-170-168.cprapid.com/ Virustotal: Detection: 7% Perma Link

Phishing

barindex
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html LLM: Score: 10 Reasons: The domain 'xin.50-6-170-168.cprapid.com' is unusual and does not match the brand name 'coinbase'. The domain contains extra characters and an unusual domain extension, which is indicative of a phishing attempt. The minimalistic design and clean layout are often used to deceive users into thinking the site is legitimate, but the lack of a legitimate domain association and the presence of extra characters in the URL make it highly likely that this is a phishing site. The visual LLM's conclusion that this is a phishing attempt is supported by my independent analysis, and I concur that this site is likely to be a phishing attempt. DOM: 1.0.pages.csv
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: Number of links: 0
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: Title: Sign In - Coinbase does not match URL
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: Form action: logs.php
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: <input type="password" .../> found
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: No <meta name="author".. found
Source: https://xin.50-6-170-168.cprapid.com/sign/index.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: mail.valeshia.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?verify HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sign/index.html HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/css/login.css HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/css/login-min.css HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/css/additional.css HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/js/jquery-min.js HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/js/custom.js HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/css/add.css HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /tailwindcss@%5E1.0/dist/tailwind.min.css HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/js/jquery-min.js HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tailwindcss@1.9.6/dist/tailwind.min.css HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xin.50-6-170-168.cprapid.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/additional/8a6a40a08f92d9a9b3e5.woff2 HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xin.50-6-170-168.cprapid.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://xin.50-6-170-168.cprapid.com/assets/css/login.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/additional/71371380d08a07cda58a.woff2 HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xin.50-6-170-168.cprapid.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://xin.50-6-170-168.cprapid.com/assets/css/login.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/additional/502b733210ea3fdd4bf8.woff2 HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xin.50-6-170-168.cprapid.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://xin.50-6-170-168.cprapid.com/assets/css/login.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/additional/2a5dafc68ca015ca866a.woff2 HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xin.50-6-170-168.cprapid.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://xin.50-6-170-168.cprapid.com/assets/css/login.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/img/favicon-32.png HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xin.50-6-170-168.cprapid.com/sign/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/img/favicon-32.png HTTP/1.1Host: xin.50-6-170-168.cprapid.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: mail.valeshia.50-6-170-168.cprapid.com
Source: global traffic DNS traffic detected: DNS query: xin.50-6-170-168.cprapid.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: unpkg.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 03 Aug 2024 22:57:19 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 03 Aug 2024 22:57:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 03 Aug 2024 22:57:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 03 Aug 2024 22:57:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 03 Aug 2024 22:57:23 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: chromecache_62.2.dr String found in binary or memory: https://assets.coinbase.com/assets/CoinbaseIcons-1643819676120.c438df62647fc1c9689ed1e8819eadd0.woff
Source: chromecache_61.2.dr String found in binary or memory: https://unpkg.com/tailwindcss
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/audio_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/audio_white_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/boundingbox2.gif
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_bridge.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_car.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_other.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_road.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_speed_limit.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/canonical_street_name.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/checkbox_sprite.png)
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/checkmark_sprite.png)
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/download.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/download_white.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/image_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/image_white_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/info_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/info_white_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/loading.gif
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/refresh_white_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/stop_sign.jpg
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/undo_2x.png
Source: chromecache_57.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/api2/undo_white_2x.png
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: classification engine Classification label: mal80.phis.win@16/24@10/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,11503143160237951527,12372739071481928580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail.valeshia.50-6-170-168.cprapid.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,11503143160237951527,12372739071481928580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected