Analysis Report https://stgdjas.simplesite.com/

Overview

General Information

Sample URL: https://stgdjas.simplesite.com/
Analysis ID: 433276
Most interesting Screenshot:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

AV Detection:

Antivirus detection for URL or domain
Source: https://offi4hf.weebly.com/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\6QB31PCD.htm, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\44816H94.htm, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://offi4hf.weebly.com/ Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://offi4hf.weebly.com/ HTTP Parser: Number of links: 1
HTML title does not match URL
Source: https://offi4hf.weebly.com/ HTTP Parser: Title: Sign In does not match URL
Suspicious form URL found
Source: https://offi4hf.weebly.com/ HTTP Parser: Form action: https://offi4hf.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://offi4hf.weebly.com/ HTTP Parser: No <meta name="author".. found
Source: https://offi4hf.weebly.com/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown DNS traffic detected: queries for: stgdjas.simplesite.com
Source: classification engine Classification label: mal60.phis.win@3/92@9/7
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C7133109-CAB6-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFDA317FA3CDAE8B78.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5856 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
Source: Window Recorder Window detected: More than 3 window changes detected