Windows Analysis Report
https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg

Overview

General Information

Sample URL: https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg
Analysis ID: 756228

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found

Classification

Phishing

Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 Matcher: Template: microsoft matched with high similarity
Source: Yara match File source: 22653.0.pages.csv, type: HTML
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 Matcher: Template: microsoft matched
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 Matcher: Found strong image similarity, brand: Microsoft image: 22653.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP Parser: Number of links: 0
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP Parser: HTML title missing
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP Parser: No <meta name="author".. found
Source: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg HTTP/1.1Host: cialistabspharmacy.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg== HTTP/1.1Host: cialistabspharmacy.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=cf72920363d7b55e4607305c1c276c2e
Source: global traffic HTTP traffic detected: GET /16.000/Converged_v21033_egJPTAx_byK-yF_CMCKFeg2.css HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/axios/0.21.1/axios.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg%3D%3D&websrc=Vu8j5MDuFXcIw8caZsLSg55YePOh7Ob1bLax6UMeEfDH2KtK69Kqs79wEmhs2ylwjZ5CaLnlzZH3RFD01GRVFKvyr8is3O7T3wD2KhSkVmVTPRktolOwAxUy8ttkICXaNsewe6s7gIXCnTs9cFBweAi5HyNNk7t3OORb0C2z5SzegFUu1LFDMJ0HgsH9nle2lluf8j3Z2tuFqdtL42gYt9mPkPe2erCcOkDBHoEZqhkbWne5873SqeBR3vAlzZBbCNKcAQfs58EVSFpqYqLnoSLVyiSjACshGsaLBSaNAS07Ie&dispatch=273&id=726371 HTTP/1.1Host: cialistabspharmacy.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cialistabspharmacy.com/polaris/82ergcp2gtlrtmwdd72dd2kz73dce75d92181ca956e737b3cb66db98.php?sessionID=aW52b2ljZUBlbWVyZ2lmaS5jb20dDwMFAg==Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=cf72920363d7b55e4607305c1c276c2e
Source: global traffic HTTP traffic detected: GET /16.000.29039.9/images/favicon.ico HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cialistabspharmacy.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /16.000.29039.9/images/favicon.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: logincdn.msauth.net
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: classification engine Classification label: mal64.phis.win@23/0@9/9
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cialistabspharmacy.com/polaris/?aW52b2ljZUBlbWVyZ2lmaS5jb20=&d=DwMFAg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1828,i,2187161938276056667,2480233056043708616,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected