Windows Analysis Report https://share.sender.net/campaigns/2G8r/files

Overview

General Information

Sample URL: https://share.sender.net/campaigns/2G8r/files
Analysis ID: 491264
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Yara detected HtmlPhish29
Yara detected HtmlPhish7
Phishing site detected (based on image similarity)
No HTML title found
HTML body contains low number of good links

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: https://share.sender.net/campaigns/2G8r/files SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://outrageous-wide-railway.glitch.me/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7D SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

barindex
Phishing site detected (based on shot template match)
Source: https://outrageous-wide-railway.glitch.me/ Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match File source: 64316.1.pages.csv, type: HTML
Yara detected HtmlPhish29
Source: Yara match File source: 64316.1.pages.csv, type: HTML
Yara detected HtmlPhish7
Source: Yara match File source: 64316.1.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://outrageous-wide-railway.glitch.me/ Matcher: Found strong image similarity, brand: Microsoft image: 64316.1.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://outrageous-wide-railway.glitch.me/ Matcher: Found strong image similarity, brand: Microsoft image: 64316.1.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
No HTML title found
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: HTML title missing
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: Number of links: 0
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: Number of links: 0
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: No <meta name="author".. found
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: No <meta name="author".. found
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: No <meta name="copyright".. found
Source: https://outrageous-wide-railway.glitch.me/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49802 version: TLS 1.2
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 Sep 2021 10:16:10 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closevary: Originaccept-ranges: bytes
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=4%2FLYERAcg6Q8FynoXIQ3o%2BZndGvyb%2F2L%2FZqMkJZpBxzVo9kYbJG
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=CneeAJNVz%2B8AjMWjDz%2BmqPXNo5tB0qQ1RK%2B19uUvDx352gCrVNr3R
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=Pol%2FhxGJFxNQfyp%2FaJTtJY0fs%2BAhRn36Mgp7t89m5h2oGdKQ0gn80
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=e359n4k4N3GeNQdxoEl%2BsXFplnCtHYYpg64p5X3k%2Bq4KWD1NFZXFOxK
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, manifest.json0.0.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://ajax.googleapis.com
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://ajax.googleapis.com/
Source: c56deb8b106b171e_0.0.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: ad1a66ab04856db2_0.0.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsa
Source: ad1a66ab04856db2_0.0.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.jsaD
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, manifest.json0.0.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/
Source: 1ebedd33807c580a_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 1ebedd33807c580a_0.0.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jsaD
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://code.jquery.com/
Source: d4fafc5ad6b4574b_0.0.dr, d774b5337cd01684_0.0.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: d774b5337cd01684_0.0.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.jsaD
Source: b24e808654b52c4f_0.0.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 51b19d265676aa09_0.0.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.jsa
Source: 51b19d265676aa09_0.0.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.jsaD
Source: 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/images-tbn
Source: 738df663-6bf5-4dce-b4ea-8b2fff33a793.tmp.2.dr, 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr, ef0d2660-e629-4740-98b5-7f685196480a.tmp.2.dr String found in binary or memory: https://dns.google
Source: 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://encrypted-tbn0.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://ka-f.fontawesome.com/
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://kit.fontawesome.com/
Source: 8ef92f4c2be45138_0.0.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 8ecf782c7b13bd5a_0.0.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 8ecf782c7b13bd5a_0.0.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.jsaD
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: 8ef92f4c2be45138_0.0.dr, Network Action Predictor-journal.0.dr, Current Session.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/
Source: 8ef92f4c2be45138_0.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/.
Source: History-journal.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me//
Source: History Provider Cache.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/2
Source: Current Session.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/4
Source: History-journal.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/Share
Source: d4fafc5ad6b4574b_0.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/W
Source: 261d2461877d84ae_0.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/x
Source: c56deb8b106b171e_0.0.dr String found in binary or memory: https://outrageous-wide-railway.glitch.me/z
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://play.google.com
Source: 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://r1---sn-1gi7znes.gvt1.com
Source: 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Network Action Predictor.0.dr String found in binary or memory: https://share.sender.net/
Source: Current Session.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7D
Source: Current Session.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7D_
Source: History-journal.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7Dfiles..
Source: History-journal.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7Dfiles../
Source: Current Session.0.dr, History-journal.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/files
Source: History Provider Cache.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/files2
Source: History-journal.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/filesfiles..
Source: History-journal.0.dr String found in binary or memory: https://share.sender.net/campaigns/2G8r/filesfiles../
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://uiinlcuo37oed.web.app/
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, manifest.json0.0.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 2aeb4efe-9fe1-43d3-bc44-c40ff5a653ff.tmp.2.dr, 76716475-cb80-469c-a011-91b343dbd7a5.tmp.2.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: Network Action Predictor-journal.0.dr String found in binary or memory: https://zippy-button-hyssop.glitch.me/
Source: 261d2461877d84ae_0.0.dr String found in binary or memory: https://zippy-button-hyssop.glitch.me/viewenable.js
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: global traffic HTTP traffic detected: GET /campaigns/2G8r/files HTTP/1.1Host: share.sender.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /email_images/103576/images/all/sharepoint.png HTTP/1.1Host: cdn.sender.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://share.sender.net/campaigns/2G8r/filesAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: share.sender.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://share.sender.net/campaigns/2G8r/filesAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: outrageous-wide-railway.glitch.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /viewenable.js HTTP/1.1Host: zippy-button-hyssop.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /csas9nfs1bxqsa65w3dw64jet1hssiopr9/hover.css HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://outrageous-wide-railway.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://outrageous-wide-railway.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://outrageous-wide-railway.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/adobe.jpg HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/outlook1.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/office3651.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/other1.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/8.jpg HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: outrageous-wide-railway.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /campaigns/2G8r/%7B%24unsubscribe_link%7D HTTP/1.1Host: share.sender.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /email_images/103576/images/all/sharepoint.png HTTP/1.1Host: cdn.sender.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "61518145-252b"If-Modified-Since: Mon, 27 Sep 2021 08:31:01 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/adobe.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uiinlcuo37oed.web.app
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/office3651.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uiinlcuo37oed.web.app
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/outlook1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uiinlcuo37oed.web.app
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/other1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uiinlcuo37oed.web.app
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: outrageous-wide-railway.glitch.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"2ba3-17bc5456a90"If-Modified-Since: Wed, 08 Sep 2021 11:57:46 GMT
Source: global traffic HTTP traffic detected: GET /viewenable.js HTTP/1.1Host: zippy-button-hyssop.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "7d8e6486aa2a34c5c2fa92774a93f6cd"If-Modified-Since: Wed, 08 Sep 2021 12:44:59 GMT
Source: global traffic HTTP traffic detected: GET /csas9nfs1bxqsa65w3dw64jet1hssiopr9/hover.css HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e4c7b38ebf0c1bb7f7bc9193113d305dfd11817279517afe7904b1a9cf19a91f"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/adobe.jpg HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "f8fcf15198c53900ff9690be18e90820c91fa82fdbebe463c6a77dcfa273ec71"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/outlook1.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "181232938be6b7bd118aacdee7c09fedfe42c183843baa23a645f0262b8fb326"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/office3651.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "f470482c793d65ce5e5c001d2466b440003d6cfe721d8d3442d9d825157ca3a2"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/other1.png HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "702685aceaca9ed1ba709d4a1508fb913b5a4b2001c7c96548651d10b57446be"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: global traffic HTTP traffic detected: GET /gimecqp5nd39h98x6ymwebcuo461fka4mpo/8.jpg HTTP/1.1Host: uiinlcuo37oed.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://outrageous-wide-railway.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "e1fd9b6b18530d6985d188593afc56661be86fcc091aec1466049f88cc91603c"If-Modified-Since: Wed, 01 Sep 2021 00:13:38 GMT
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49801 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.3:49802 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://share.sender.net/campaigns/2G8r/files'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,6983443980889206658,6330619194161039253,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1732 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,6983443980889206658,6330619194161039253,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1732 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61521869-1A8C.pma Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\e1153a1b-260e-4e03-a95f-b0ee2479c2af.tmp Jump to behavior
Source: classification engine Classification label: mal92.phis.win@33/224@14/13
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 491264 URL: https://share.sender.net/ca... Startdate: 27/09/2021 Architecture: WINDOWS Score: 92 13 uiinlcuo37oed.web.app 2->13 25 Antivirus detection for URL or domain 2->25 27 Antivirus / Scanner detection for submitted sample 2->27 29 Phishing site detected (based on shot template match) 2->29 31 4 other signatures 2->31 7 chrome.exe 14 411 2->7         started        signatures3 process4 dnsIp5 15 192.168.2.1 unknown unknown 7->15 17 239.255.255.250 unknown Reserved 7->17 10 chrome.exe 29 7->10         started        process6 dnsIp7 19 googlehosted.l.googleusercontent.com 172.217.168.1, 443, 49794 GOOGLEUS United States 10->19 21 accounts.google.com 172.217.168.13, 443, 49741 GOOGLEUS United States 10->21 23 15 other IPs or domains 10->23
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.67.68.172
 share.sender.net United States
13335 CLOUDFLARENETUS false
18.210.105.246
 zippy-button-hyssop.glitch.me United States
14618 AMAZON-AESUS false
216.58.215.227
 gstaticadssl.l.google.com United States
15169 GOOGLEUS false
52.200.40.111
 outrageous-wide-railway.glitch.me United States
14618 AMAZON-AESUS false
172.217.168.1
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
172.217.168.13
 accounts.google.com United States
15169 GOOGLEUS false
104.26.13.112
 cdn.sender.net United States
13335 CLOUDFLARENETUS false
199.36.158.100
 uiinlcuo37oed.web.app United States
15169 GOOGLEUS false
104.18.11.207
 maxcdn.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.16.19.94
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private
IP
192.168.2.1
127.0.0.1

Contacted Domains

Name IP Active
cdn.sender.net 104.26.13.112 true
gstaticadssl.l.google.com 216.58.215.227 true
accounts.google.com 172.217.168.13 true
cdnjs.cloudflare.com 104.16.19.94 true
maxcdn.bootstrapcdn.com 104.18.11.207 true
zippy-button-hyssop.glitch.me 18.210.105.246 true
clients.l.google.com 172.217.168.78 true
uiinlcuo37oed.web.app 199.36.158.100 true
share.sender.net 172.67.68.172 true
googlehosted.l.googleusercontent.com 172.217.168.1 true
outrageous-wide-railway.glitch.me 52.200.40.111 true
ka-f.fontawesome.com unknown unknown
kit.fontawesome.com unknown unknown
clients2.googleusercontent.com unknown unknown
clients2.google.com unknown unknown
code.jquery.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://share.sender.net/favicon.ico false
    		high
    https://uiinlcuo37oed.web.app/gimecqp5nd39h98x6ymwebcuo461fka4mpo/8.jpg false
    • Avira URL Cloud: safe
    		 unknown
    https://outrageous-wide-railway.glitch.me/ false
    • SlashNext: Fake Login Page type: Phishing & Social Engineering
    		 high
    https://cdn.sender.net/email_images/103576/images/all/sharepoint.png false
      		high
      https://zippy-button-hyssop.glitch.me/viewenable.js false
        		high
        https://uiinlcuo37oed.web.app/csas9nfs1bxqsa65w3dw64jet1hssiopr9/hover.css false
        • Avira URL Cloud: safe
        		 unknown
        https://share.sender.net/campaigns/2G8r/files false
          		high
          https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
            		high
            https://uiinlcuo37oed.web.app/gimecqp5nd39h98x6ymwebcuo461fka4mpo/office3651.png false
            • Avira URL Cloud: safe
            		 unknown
            https://outrageous-wide-railway.glitch.me/favicon.ico false
              		high
              https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js false
                		high
                https://uiinlcuo37oed.web.app/gimecqp5nd39h98x6ymwebcuo461fka4mpo/outlook1.png false
                • Avira URL Cloud: safe
                		 unknown
                https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
                  		high
                  https://share.sender.net/campaigns/2G8r/files false
                    		high
                    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css false
                      		high
                      https://uiinlcuo37oed.web.app/gimecqp5nd39h98x6ymwebcuo461fka4mpo/other1.png false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js false
                        		high
                        https://uiinlcuo37oed.web.app/gimecqp5nd39h98x6ymwebcuo461fka4mpo/adobe.jpg false
                        • Avira URL Cloud: safe
                        		 unknown
                        https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7D false
                        • SlashNext: Fake Login Page type: Phishing & Social Engineering
                        		 high
                        https://share.sender.net/campaigns/2G8r/%7B%24unsubscribe_link%7D false
                        • SlashNext: Fake Login Page type: Phishing & Social Engineering
                        		 high
                        https://outrageous-wide-railway.glitch.me/ false
                        • SlashNext: Fake Login Page type: Phishing & Social Engineering
                        		 high