Windows Analysis Report https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com

Overview

General Information

Sample URL: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com
Analysis ID: 451781
Most interesting Screenshot:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain

Classification

AV Detection:

Antivirus detection for URL or domain
Source: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: 000003.log3.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com
Source: Current Session.1.dr, 000003.log0.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/
Source: History Provider Cache.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/25https://uifecc.labour.gov.za/covi
Source: Current Session.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/5https://uifecc.labour.gov.za/covid
Source: Current Session.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/ajax/apps/formSubmitAjax.php
Source: Favicons.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/favicon.ico
Source: c33ef74662ea488c_0.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/files/theme/custom.js?1556830342
Source: d07aef6fcdc60f65_0.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/files/theme/plugins.js?1556830342
Source: History.1.dr String found in binary or memory: https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com/https://uifecc.labour.gov.za/covid1
Source: classification engine Classification label: mal48.win@33/186@15/19
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60F84DDC-157C.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\15f824b8-e6cf-4211-8acb-6b1cf1044a99.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://uifecc-labour-gov-za-covid19-paymentstatusjsp.weebly.com'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,5205467120738727422,1112243072736055841,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected