Windows Analysis Report
https://w2globaldata.cabildodeagayu.com/1/?e=d2FycmVuLnJ1c3NlbGxAdzJnbG9iYWxkYXRhLmNvbQ==

Overview

General Information

Sample URL: https://w2globaldata.cabildodeagayu.com/1/?e=d2FycmVuLnJ1c3NlbGxAdzJnbG9iYWxkYXRhLmNvbQ==
Analysis ID: 626089

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Yara detected Captcha Phish
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
Suspicious form URL found
No HTML title found

Classification

Phishing

Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: 30849.3.pages.csv, type: HTML
Source: Yara match File source: 58601.1.pages.csv, type: HTML
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php Matcher: Found strong image similarity, brand: Microsoft image: 30849.3.img.4.gfk.csv 7916A894EBDE7D29C2CC29B267F1299F
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Number of links: 0
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Invalid link: Terms of use
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Invalid link: Privacy & cookies
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: Form action: action.php
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: HTML title missing
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: No <meta name="author".. found
Source: https://w2globaldata.cabildodeagayu.com/1/main/main.php HTTP Parser: No <meta name="copyright".. found
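The HTTP Parser findings above are cheap static checks on the fetched HTML, and the lure URL itself carries one more indicator: the `e=` query value is plain base64 and decodes to an address at w2globaldata.com, the same label that the phishing host reuses as a subdomain of an unrelated domain. The Python script below is added here as an illustration and is not the sandbox vendor's detection code. It re-implements the listed checks (missing title, missing author/copyright meta tags, count of absolute links, legal-footer anchors that go nowhere, relative form action) and decodes the `e` parameter. The HTML input is constructed to mimic the defects the report lists, not captured from main.php; the threshold of three good links and the two-label registered-domain assumption in `brand_in_subdomain` are my assumptions.

```python
# Added example, not the sandbox's own engine: static HTML heuristics matching the
# report's HTTP Parser lines, plus decoding of the lure URL's e= parameter.
import base64
import binascii
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Sample URL from the report; the e= value is plain base64.
SAMPLE_URL = ("https://w2globaldata.cabildodeagayu.com/1/"
              "?e=d2FycmVuLnJ1c3NlbGxAdzJnbG9iYWxkYXRhLmNvbQ==")

# Constructed stand-in for main.php with the defects the report lists (not the real page).
SAMPLE_HTML = """<html><head><meta charset="utf-8"></head><body>
<img src="img/microsoft_logo.png" alt="">
<form method="post" action="action.php">
  <input type="email" name="email"><input type="password" name="password">
  <input type="submit" value="Sign in"></form>
<a href="#">Terms of use</a> <a href="#">Privacy &amp; cookies</a>
</body></html>"""

DEAD_HREFS = {"", "#", "javascript:void(0)", "javascript:;"}
LEGAL_WORDS = ("terms", "privacy", "cookie")
MIN_GOOD_LINKS = 3  # assumed threshold for "low number of good links"


class PageFacts(HTMLParser):
    """One pass over the document collecting title, meta names, anchors and forms."""

    def __init__(self):
        super().__init__()
        self.title = None
        self.meta_names = set()
        self.links = []          # (href, visible text)
        self.form_actions = []
        self._in_title = False
        self._open_link = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title, self.title = True, ""
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "a":
            self._open_link = [a.get("href", ""), ""]
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        if self._open_link is not None:
            self._open_link[1] += data

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a" and self._open_link is not None:
            self.links.append(tuple(self._open_link))
            self._open_link = None


def check_html(html):
    """Return findings phrased like the report's HTTP Parser lines."""
    p = PageFacts()
    p.feed(html)
    p.close()
    findings = []
    if not p.title or not p.title.strip():
        findings.append("HTML title missing")
    for name in ("author", "copyright"):
        if name not in p.meta_names:
            findings.append(f'No <meta name="{name}"> found')
    good = [h for h, _ in p.links if urlparse(h).scheme in ("http", "https")]
    if len(good) < MIN_GOOD_LINKS:
        findings.append(f"Number of links: {len(good)}")
    for href, text in p.links:
        # Footer links that exist only to look legitimate point nowhere.
        if href.strip().lower() in DEAD_HREFS and any(w in text.lower() for w in LEGAL_WORDS):
            findings.append(f"Invalid link: {text.strip()}")
    for action in p.form_actions:
        if not urlparse(action).scheme:  # relative target on the phishing host itself
            findings.append(f"Form action: {action}")
    return findings


def decode_email_param(url, param="e"):
    """Decode the base64 address carried in ?e=...; None if absent or invalid."""
    q = parse_qs(urlparse(url).query)
    if param not in q:
        return None
    raw = q[param][0].replace(" ", "+")  # a base64 '+' survives only if percent-encoded
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def brand_in_subdomain(url, email):
    """True if the victim's mail-domain label is a subdomain label of the lure host
    (w2globaldata.<unrelated>.com). Assumes a two-label registered domain."""
    labels = (urlparse(url).hostname or "").lower().split(".")
    brand = email.split("@", 1)[1].split(".")[0].lower()
    return brand in labels[:-2]
```

Run `check_html(SAMPLE_HTML)` to get the seven findings the report lists for main.php, and `decode_email_param(SAMPLE_URL)` to recover the pre-filled victim address; `brand_in_subdomain` is the host-level check that ties the two together. A page with a title, both meta tags, three or more absolute links and an absolute form action returns no findings, so the checks are only a first filter, not proof of phishing on their own.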
Source: unknown HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:59918 version: TLS 1.2
Source: unknown HTTPS traffic detected: 190.8.176.18:443 -> 192.168.2.3:59917 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 5MB later: 25MB
Source: unknown DNS traffic detected: queries for: w2globaldata.cabildodeagayu.com
Source: unknown Network traffic detected: HTTP traffic on port 59269 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63570
Source: unknown Network traffic detected: HTTP traffic on port 53996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57013
Source: unknown Network traffic detected: HTTP traffic on port 64356 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62952
Source: unknown Network traffic detected: HTTP traffic on port 62952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59917
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49177
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49176
Source: unknown Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50665
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64902
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54430
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54352
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52293
Source: unknown Network traffic detected: HTTP traffic on port 49177 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64563 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51448
Source: unknown Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53905
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 57028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63570 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 57028
Source: unknown Network traffic detected: HTTP traffic on port 56843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62148 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61646
Source: unknown Network traffic detected: HTTP traffic on port 64902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61646 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64356
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61960
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 55819
Source: unknown Network traffic detected: HTTP traffic on port 54430 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52293 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54352 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown Network traffic detected: HTTP traffic on port 53905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59269
Source: unknown Network traffic detected: HTTP traffic on port 51448 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64563
Source: unknown Network traffic detected: HTTP traffic on port 50665 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62148
Source: unknown Network traffic detected: HTTP traffic on port 61960 -> 443
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 events)
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.186.99 (30 events)
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.99 (10 events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Temp\a19969bc-7ac5-4376-88ed-9c950e694569.tmp
Source: classification engine Classification label: mal68.phis.win@27/78@10/202
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://w2globaldata.cabildodeagayu.com/1/?e=d2FycmVuLnJ1c3NlbGxAdzJnbG9iYWxkYXRhLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1684,17803112645196298991,12407811329536085281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (20 child processes)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\lockfile
Source: Window Recorder Window detected: More than 3 window changes detected