
Windows Analysis Report
https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca

Overview

General Information

Sample URL: https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca
Analysis ID: 756241

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
HTML body contains low number of good links
No HTML title found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 6964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,2143788816404629539,6530415847919180823,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
    Source | Rule | Description | Author | Strings
    06625.5.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    Phishing

    Source: Yara match; File source: 06625.5.pages.csv, type: HTML
    Source: https://nw6chaoxuz637a5ae27ceda.kesarin.ru/PS-63866cc2c5621; HTTP Parser: Number of links: 0
    Source: https://nw6chaoxuz637a5ae27ceda.kesarin.ru/PS-63866cc2c5621; HTTP Parser: HTML title missing
    Source: https://nw6chaoxuz637a5ae27ceda.kesarin.ru/PS-63866cc2c5621; HTTP Parser: No <meta name="author".. found
    Source: https://nw6chaoxuz637a5ae27ceda.kesarin.ru/PS-63866cc2c5621; HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown; HTTPS traffic detected: 104.21.72.10:443 -> 192.168.2.3:49717 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 104.21.72.10:443 -> 192.168.2.3:49783 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 104.21.72.10:443 -> 192.168.2.3:49784 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 104.21.72.10:443 -> 192.168.2.3:49787 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 152.199.23.72:443 -> 192.168.2.3:49795 version: TLS 1.2
    Source: unknown; DNS traffic detected: queries for: accounts.google.com
    Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown; TCP traffic detected without corresponding DNS query: 142.250.74.195
    Source: unknown; TCP traffic detected without corresponding DNS query: 172.217.18.100
    Source: classification engine; Classification label: mal48.phis.win@24/0@16/124
    Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,2143788816404629539,6530415847919180823,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Program Files\Google\GoogleUpdater
    Source: Window Recorder; Window detected: More than 3 window changes detected
    MITRE ATT&CK matrix (one column per tactic; techniques followed by a number in parentheses are the ones this analysis matched, the number being the matched signature count):

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Masquerading (2) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol (2) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

    Source | Detection | Scanner | Label
    https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca | 0% | Avira URL Cloud | safe
    https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca | 1% | Virustotal |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    bonsalpaint.com | 67.222.136.231 | true | false | | unknown
    tmsnp.page.link | 142.250.184.225 | true | false | | unknown
    a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
    accounts.google.com | 142.250.186.45 | true | false | | high
    challenges.cloudflare.com | 104.18.7.185 | true | false | | high
    www.google.com | 142.250.185.196 | true | false | | high
    clients.l.google.com | 172.217.23.110 | true | false | | high
    unpkg.com | 104.16.125.175 | true | false | | high
    cs1025.wpc.upsiloncdn.net | 152.199.23.72 | true | false | | unknown
    cloudflare.hcaptcha.com | 104.18.19.132 | true | false | | unknown
    nw6chaoxuz637a5ae27ceda.kesarin.ru | 104.21.72.10 | true | false | | unknown
    aadcdn.msauthimages.net | unknown | unknown | false | | unknown
    clients2.google.com | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    https://nw6chaoxuz637a5ae27ceda.kesarin.ru/Mmarshallg@berger.ca | false | | unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/wjk86/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | false | | high
    https://nw6chaoxuz637a5ae27ceda.kesarin.ru/PS-63866cc2c5621 | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.186.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
    104.18.19.132 | cloudflare.hcaptcha.com | United States | 13335 | CLOUDFLARENETUS | false
    142.250.74.202 | unknown | United States | 15169 | GOOGLEUS | false
    104.18.7.185 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
    34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
    152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States | 15133 | EDGECASTUS | false
    142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false
    104.16.125.175 | unpkg.com | United States | 13335 | CLOUDFLARENETUS | false
    172.217.23.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    67.222.136.231 | bonsalpaint.com | United States | 393398 | ASN-DISUS | false
    142.250.184.225 | tmsnp.page.link | United States | 15169 | GOOGLEUS | false
    35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
    104.21.72.10 | nw6chaoxuz637a5ae27ceda.kesarin.ru | United States | 13335 | CLOUDFLARENETUS | false
    172.217.16.132 | unknown | United States | 15169 | GOOGLEUS | false
    142.250.74.195 | unknown | United States | 15169 | GOOGLEUS | false
    172.217.18.100 | unknown | United States | 15169 | GOOGLEUS | false
    IP
    192.168.2.1
    127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756241
Start date and time: 2022-11-29 21:33:28 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://tmsnp.page.link/?link=https%3A%2F%2Fbonsalpaint.com%2Fnicas%2F%3Fe%3Dmarshallg%40berger.ca
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.phis.win@24/0@16/124
• Exclude process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.227, 34.104.35.123, 142.250.74.202, 172.217.23.106, 216.58.212.170, 142.250.184.234, 142.250.185.170, 142.250.186.106, 142.250.185.138, 142.250.184.202, 172.217.18.106, 142.250.185.234, 142.250.185.74, 142.250.185.202, 142.250.186.74, 142.250.185.106, 172.217.16.202, 142.250.186.170
• Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, slscr.update.microsoft.com, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size getting too big; too many NtWriteVirtualMemory calls found.
No created / dropped files found
No static file info