Windows Analysis Report
http://url9772.onlinedatareports.com/ls/click?upn=u001.ixzAc7ho4QPh1ym7GP1v7N8jbteRIgHYy3r13L-2Bxr-2BGNizhKtAWG4WsSaJnHYPG80577_3SwlBiW7haPbr-2F-2BqkjZhZHoWqX-2BW8wdxT8icvQSk-2FNptP5BEOKfRY-2B1Rds5JxogEjAzYGQuo7CfOLZ4FJOOusEyXQcaDvPBy8PXt9nDzeHOGiBNUeTQpW36n1snQjTedeEOPOZpIgHlJcHKc7PWmbriqEzgflRnimC

Overview

General Information

Sample URL:	http://url9772.onlinedatareports.com/ls/click?upn=u001.ixzAc7ho4QPh1ym7GP1v7N8jbteRIgHYy3r13L-2Bxr-2BGNizhKtAWG4WsSaJnHYPG80577_3SwlBiW7haPbr-2F-2BqkjZhZHoWqX-2BW8wdxT8icvQSk-2FNptP5BEOKfRY-2B1Rds5Jxo
Analysis ID:	1417001

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

Found iframes

Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-N57LZGJ
Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-N57LZGJ
Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://secure.livechatinc.com/customer/action/open_chat?license_id=7139371&group=0&embedded=1&widget_version=3&unique_groups=0

HTML body contains low number of good links

Source: https://www.onlinedatareports.com/

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://www.onlinedatareports.com/

HTTP Parser: Title: OnlineDataReports.com does not match URL

Source: https://www.onlinedatareports.com/	HTTP Parser: No favicon
Source: https://secure.livechatinc.com/customer/action/open_chat?license_id=7139371&group=0&embedded=1&widget_version=3&unique_groups=0	HTTP Parser: No favicon

Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: unknown

DNS traffic detected: queries for: url9772.onlinedatareports.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@15/49@60/274

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://url9772.onlinedatareports.com/ls/click?upn=u001.ixzAc7ho4QPh1ym7GP1v7N8jbteRIgHYy3r13L-2Bxr-2BGNizhKtAWG4WsSaJnHYPG80577_3SwlBiW7haPbr-2F-2BqkjZhZHoWqX-2BW8wdxT8icvQSk-2FNptP5BEOKfRY-2B1Rds5JxogEjAzYGQuo7CfOLZ4FJOOusEyXQcaDvPBy8PXt9nDzeHOGiBNUeTQpW36n1snQjTedeEOPOZpIgHlJcHKc7PWmbriqEzgflRnimClKO-2BzMDAZrQsD-2BTLH7O1eEkGpGPahzhBfByMr9XRQw-2FfEC-2FscM2A-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2004,i,8079371699346967328,3022499890895460892,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2004,i,8079371699346967328,3022499890895460892,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.249.39.126	unknown	United States	16509	AMAZON-02US	false
104.16.122.175	unpkg.com	United States	13335	CLOUDFLARENETUS	false
142.251.111.101	unknown	United States	15169	GOOGLEUS	false
162.55.95.218	www.woopra.com	United States	35893	ACPCA	false
23.222.79.202	unknown	United States	20940	AKAMAI-ASN1EU	false
99.84.108.109	www.onlinedatareports.com	United States	16509	AMAZON-02US	false
35.186.194.58	rs.fullstory.com	United States	15169	GOOGLEUS	false
151.101.1.91	unknown	United States	54113	FASTLYUS	false
172.253.62.94	unknown	United States	15169	GOOGLEUS	false
23.48.203.199	unknown	United States	24319	AKAMAI-TYO-APAkamaiTechnologiesTokyoASNSG	false
52.2.56.108	posthog-ingress-prod-us-256455477.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
99.84.108.90	unknown	United States	16509	AMAZON-02US	false
172.253.122.113	unknown	United States	15169	GOOGLEUS	false
167.89.115.150	sendgrid.net	United States	11377	SENDGRIDUS	false
142.251.16.138	unknown	United States	15169	GOOGLEUS	false
142.251.167.94	unknown	United States	15169	GOOGLEUS	false
172.253.62.97	unknown	United States	15169	GOOGLEUS	false
99.84.108.111	unknown	United States	16509	AMAZON-02US	false
142.251.163.95	unknown	United States	15169	GOOGLEUS	false
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
23.222.79.139	unknown	United States	20940	AKAMAI-ASN1EU	false
3.211.0.126	unknown	United States	14618	AMAZON-AESUS	false
23.61.11.170	unknown	United States	20940	AKAMAI-ASN1EU	false
167.89.115.120	unknown	United States	11377	SENDGRIDUS	false
142.251.16.104	www.google.com	United States	15169	GOOGLEUS	false
52.203.3.42	unknown	United States	14618	AMAZON-AESUS	false
18.173.219.112	b2723a579581.38f2a8b0.us-east-1.token.awswaf.com	United States	3	MIT-GATEWAYSUS	false
23.53.35.104	unknown	United States	20940	AKAMAI-ASN1EU	false
172.253.63.102	unknown	United States	15169	GOOGLEUS	false
23.53.35.106	unknown	United States	20940	AKAMAI-ASN1EU	false
184.31.74.253	unknown	United States	20940	AKAMAI-ASN1EU	false
35.201.112.186	edge.fullstory.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
99.84.108.106	unknown	United States	16509	AMAZON-02US	false
23.48.104.108	unknown	United States	20940	AKAMAI-ASN1EU	false
23.222.79.177	unknown	United States	20940	AKAMAI-ASN1EU	false
172.253.115.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.1.229	true
rs.fullstory.com	35.186.194.58	true
sendgrid.net	167.89.115.150	true
www.google.com	142.251.16.104	true
posthog-ingress-prod-us-256455477.us-east-1.elb.amazonaws.com	52.2.56.108	true
edge.fullstory.com	35.201.112.186	true
www.onlinedatareports.com	99.84.108.109	true
b2723a579581.38f2a8b0.us-east-1.token.awswaf.com	18.173.219.112	true
unpkg.com	104.16.122.175	true
www.woopra.com	162.55.95.218	true
url9772.onlinedatareports.com	unknown	unknown
us.i.posthog.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown
secure.livechatinc.com	unknown	unknown
api.livechatinc.com	unknown	unknown
app.posthog.com	unknown	unknown
accounts.livechatinc.com	unknown	unknown
cdn.livechatinc.com	unknown	unknown
static.woopra.com	unknown	unknown
cdn-4.convertexperiments.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://secure.livechatinc.com/customer/action/open_chat?license_id=7139371&group=0&embedded=1&widget_version=3&unique_groups=0	false		high
https://www.onlinedatareports.com/	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:28:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	5A0B3D44DD379445F2384C0CDBE910F1	6A5E4015D544EC6FC6CE6FDBC56DABBC0B09CF03	42FC10D998FD69C7653E6BB728A2C940959B99F6095925E1437D6F1F9D755519
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:28:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1B206B1F501CA3872F1D4C0E963352D9	21A078E500D76CD0FCEF67A6C83A2FFC7835108A	52A61BBCA2FABE78A6F13C35D7158B99D065064D456314617AF8A79F68861B16
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	42DE1D9D78C2E3532DC66893677C6EB2	7A0FDAE9F113D5EDD34CBEC59D773E87AA565A3F	173D3DB9E97D477AF79B3C2B26BF9D532183C74EC16EBCEB73E12CC8E1F7A929
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:28:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	EA3EF62D9715FCF8051BE94717F1726C	4FF0B446FDD019E502A50B52EBF2F4A141FD146D	D0EEBA83A0F208FF9EFB328B74614BBA2EC9C8B7A418257C41CB2D9DAD580B59
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:28:04 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	20E5E58C0E783EB3F2518367ABAAC498	998494219742F8E30268491B15D71974CEB0579F	B18F97FE837ED5DA5A4A3F24E8E376EA988DEB30FC76308B40F143973E9A09A9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:28:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	9A503BB2D28C4E54B2254FC9A09619AE	5206423E68DF26D386BDA0908CCEA5280BCA4D54	1741D21E4596E68024A0D6C2F513BBC115C3772D1D6831A8BF106FB04C9BC4B3
Chrome Cache Entry: 106	ASCII text, with very long lines (65397)	117A0293F33B4043A4778ABE2D7BBB46	4067D0281CC6127C21CB43A84762294986C706B7	C8D8CD29AEF41228AF33306C8B7EC2DF2A64706B0E71C60EA1B562513949F0C9
Chrome Cache Entry: 107	ASCII text, with very long lines (432)	41B884169BEEA8D5214D180D513C86DD	29B0D2E71AA40F9B97637BE976837D138DAC557C	3D5D6660F89168E6C1065A990F2DC434590682C04D6C2CAE3048F003C8AA3E84
Chrome Cache Entry: 108	ASCII text, with no line terminators	1E07B1F0561718948A8C5D4E27BF35FE	BE52BE187FD676107EE0109A67FB5E71F3CB8865	86445D043D040DD3C7DE24A05603172D85196DD7991F0F5EB7104C7CA1FB6710
Chrome Cache Entry: 109	ASCII text	595E88012A6521AAE3E12CBEBE76EB9E	DA3968197E7BF67AA45A77515B52BA2710C5FC34	B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
Chrome Cache Entry: 110	ASCII text, with very long lines (20033)	31032B08BD8E72220462D3F54F8BD69A	871D6EF1070BD363EA390E0C8C384E47DCE7F389	C212F4B505A86352AED62B24A8F16F999F821ECBE6456C7F3C8A04BC87968782
Chrome Cache Entry: 111	ASCII text, with very long lines (65462)	01CF65BD25484EE1F4279B0B280A3DCD	168810F12DD5E87040F0BB249F073E11BBB29AF5	75060A4E7D446728CC58BF2D672D0FEAAB5C76D87F4A1A6E7C1312E2D6C6B0ED
Chrome Cache Entry: 113	C++ source, ASCII text	FF51C4827E2451438F11E16546E0F68C	2A98274157F263EE7BBB2E23BC0B4AA7DA0AE8C3	671950C46A92135B2065475D34EC5E1957B280D79F5C731D65D1B501C8F196E1
Chrome Cache Entry: 114	C++ source, ASCII text	159B4FAB855460DED82768D65CEA7126	1B10055FA8B409CB7B4CB5B21460C54AB6557CE4	C4081FE59A702BBE95E354596B8A2E86AD4E8C797A565EF896371772AD9E0759
Chrome Cache Entry: 115	Unicode text, UTF-8 text, with very long lines (11177), with no line terminators	6D2E5B84AFCC736BAE37AB6B8FD7136C	DC22B4A3DE90190A2E0B6D1DF8E38936E2D1263A	F3EED13CCD710FFAF4EF95F14DDC049DDADB04DDD3F9757DF83473B78A1B0EA8
Chrome Cache Entry: 116	C++ source, ASCII text	16B666C59C40D77D9CE50D9510BD669D	D67FC9014A926855CA9B2A5A315BFE3FD5FE5B89	35CAF170D4B23A7B9ED388AEC0068A12115B5B8D9E9113145BF9245B7B26BA2E
Chrome Cache Entry: 117	ASCII text, with very long lines (481)	1F417FD7BB1F7538943722AE0A1DB33A	59BE4B2CF2F21A720D7A12E86DACAC3D848717C6	49D1F38F9F93D5AD64479F97EC09ED6C4BE93E74D70004D3525D796ACD0598F9
Chrome Cache Entry: 119	ASCII text, with no line terminators	882984D13316EF6543B9D416BC8FF2EB	8F52A50440F9761F7FB0268D242B2E08E0F1926B	4DA5B7769D048A8B981CA03ED5303A176723B1148375B147F3EE1E8E6F65FBC9
Chrome Cache Entry: 120	ASCII text, with very long lines (65536), with no line terminators	FBD67794D76BB805F0410267EF0953B6	7DE3E228F06114FAB60E1AA25168ECCB720E3743	3B727C583D8F6E2AE53A17D255CCCC3AC0789206F29A6A99C379DC755B392EA0
Chrome Cache Entry: 121	C++ source, ASCII text	EC18FEFFD31CD2E2745765F905B8FDA0	7A530A8B90741BD1A11FED84A64BE5E1074D4D35	6F3EA63117791E2532BEB989875E8DF453A0CE4EA49A2C39606A9ED4D444114A
Chrome Cache Entry: 122	ASCII text, with very long lines (65462)	2B3C8D6B828FE4015E5F830E20AAD26E	B8D5D7A7F0D88C353848716628D62FA033582E07	CDBD96360D396C9DC4174BDA775E43C570DAFF9618D299C350B8C11BA27A88DD
Chrome Cache Entry: 123	gzip compressed data, was "tmpc32vauyc", last modified: Mon Mar 25 18:18:55 2024, max compression, original size modulo 2^32 258414	A638BF7F47EA9A583AF982BF50D8CF41	EA4A1A95DEA1FA130CA6A067AB08DCD617C66496	3827A7E78F4BB513D10331ABB351FA6170325DD398C48412DA8FE17EAE3D806F
Chrome Cache Entry: 124	gzip compressed data, original size modulo 2^32 4263	8FC658E422BCB51B66C5E3C93CFA089A	EB865B83B5B6D646C3847E58990618EC9364ED45	BB451E0D112513B9A5CAFA2C9D4C00EB481CF833C27950515C601C89348CBA3D
Chrome Cache Entry: 125	JSON data	B6BA82C37C780E791616F8F4D5CA5772	EFA54D817926FA08DEAA77DB53DBD93521D97B39	7B23628656640102C1C313D5CC07B5C4747AEBE0C14B8AA0F2B0773E5B0FD197
Chrome Cache Entry: 126	Java source, ASCII text	E6A18A39A3E18F0C7FB72B27D2C71C2C	9FA30224A1BE10D0FF1C9F4371CE748B22B9249A	1915C28609ED0BA17ABBBCC5A69E7CF64C0669AED78FA160E01765D07CB54870
Chrome Cache Entry: 127	C++ source, ASCII text	B18AD4AB5B06DEB7AAF90E85D1149520	4D75E82A22112F55916FFA7FFC47414AF0B99065	4F616132C432A8399FAF0C0DCC582999C5E6BC6C7A5F1AA14DE6E6A0328147B8
Chrome Cache Entry: 128	ASCII text, with very long lines (6667)	0FD091E722879EB7F37FB6973EE29DA7	D394A7E90FB4A03BC1EF06537DE2AC49F4AB0728	7CA33522EA393D846A5FF8084F4D660AF0AD3A946248A05AC6E78F038BF149AC
Chrome Cache Entry: 129	C++ source, ASCII text	DCD6C51F84332AD850ECD52DCC737346	050B6847A2E2A43A37E3F2B6A5F9FDCB384706FE	26D91E36B34E39DA40D0A5BF20CB6E3F1DD5F9354D93009A156EE9FFCD42DAE7
Chrome Cache Entry: 131	ASCII text, with very long lines (5955)	281B665DCE0E872B5BE62FF32A602F7D	32431178D12007C1C501A73E1F5F78F5A93037C1	0536A74C92731288AF93B44CED417F17163C38CD1ABB26D476C489261F722219
Chrome Cache Entry: 133	C++ source, ASCII text	567231BFC075F516D904E9588F3DF267	563D5B543C2947B2DE7C46E5B2CDAA9E9AA2EA4E	489FDB668B5D4312E047E914959B656ED2E85860F530F027102CD941609468A5
Chrome Cache Entry: 135	C++ source, ASCII text	ADF4EE33D1E5527BFCBC3BFBFA71144C	688185031A717E235EC4C3142F3757CA52F4A314	297F8E95808A63E724ECA9B326F8DDA412E115E7243E587BAF8046BCA571AB27
Chrome Cache Entry: 136	ASCII text, with very long lines (65536), with no line terminators	733A24C1CD86BB9F077F2AF39F92B6E3	8DC6CE5083A0CD32057B7C25EBD6A7CC9FADCB7C	4CF0C8DBF0403D072C35B9747E500B10B07835386FD677B5A026104574C6572D
Chrome Cache Entry: 137	data	A935D79C6D851F85A1B0E0E57D4FD5B5	81039B3F982CD0D7904DF754AED9982AA63DAFDC	D58914292E70FD4EF272AE4933983440B44A37AAB23C61F6BEAE77765DECAAA8
Chrome Cache Entry: 140	ASCII text, with very long lines (32087)	5AB36F2873642A1312D01D82AEA25220	5FA8040DF2E5E8502C2500B4FD870D14DB71C7DF	8213DB20FBEF6AB3F2A9AA5E8CA2220EA9FCA0DA391C45C04EABBAB02293F98A
Chrome Cache Entry: 141	JSON data	06FCFF9AD2CFBF648406A13875BD7E38	1C3620D1038C1578A3B5E21E80C0523123E1E304	9A970E1A236FE3E8F4A13AC7FF4E00C30809380E97B856FF6575BC2A38BBBDD6
Chrome Cache Entry: 142	JSON data	0133A1F266F4740A5D50DE1410FC1CA5	64955AA4F31415A69929B984665530F3C8C65E1D	94C5140FFBCABF14891B919CB87810EF0B7307CFE424DFFE47D25FB5FD6A551C
Chrome Cache Entry: 143	ASCII text, with very long lines (419), with no line terminators	F5568B124141679926DC7E3153A453AF	AF6A0188BCE0D4741E2B3763D9E678C9219A07AA	2732BE75DF9AFDB1177400C68800A770D29ACFAAEC2FD16C052194909CC015FB
Chrome Cache Entry: 144	C++ source, ASCII text	953BD0BE9019BE176DF46BF60BE4E250	9CCE71283347F585CD8EFD592E4539E4750C58E8	BE6F6C27F27274B739DCC73252750E85C5E54F7EC30AF304030CC2ED8C759AE6
Chrome Cache Entry: 145	ASCII text, with very long lines (65536), with no line terminators	0E6E6F4CDE03FD2F120CCB8390B5C744	09C97325ACDB05D1E22D2C3847A9F6F5BC6C5B6A	E080965FB244B4AD1A49D3F81039AAA85B994616C9D201005D719BF20D6CCC69
Chrome Cache Entry: 146	ASCII text, with very long lines (7471), with no line terminators	9D99E4B0E32837D363AB1AC852A965A9	6D8E0E4776D6F7D57A4EFE7FD4E32F245506C984	B256A4B825999B59C79C48FEA373A012C75537C37B5A5D70C9A3FD6E538B866A
Chrome Cache Entry: 147	HTML document, ASCII text, with very long lines (8911), with no line terminators	639DED0028835007B6FB6598ED8A8971	794D0BB33F6F9615E10677F7F681102397753EA5	C5E24AAF7357F17D5C951F656EB9BB0F04B835E70CD39FBDFDB14C7407EDB80A
Chrome Cache Entry: 148	JSON data	B01FBC12F390BC2E887EE7AA9E7F4B7E	EC881C993A14055D26542A45DD2EB6130D45BA85	27A6FBF70F156DD3EEB00B6161B06092E1B8A72D525D9501CA5DEB0D939B43CD
Chrome Cache Entry: 149	PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced	765C172D0422922DFB6960CF93FA8B02	E49115FD67231F2ED81B00747BA91EAADF12BE99	A466FFD8FE7D30E63460B37950D31FB803AEF73DD73A8152CFA6DB14CA15A2CE
Chrome Cache Entry: 150	ASCII text, with very long lines (38062)	9658EE950C87FCBDBB0C48DE33A17CD9	813E936E5C044B4D20365FDCBA5AD89409DA1BE7	E1800623C74046E01E90BD3F29A3939F4DF7D51316C975A00281265F5AB9A8DE
Chrome Cache Entry: 151	C++ source, ASCII text	1B3D077F3BB7C97F294D232714C642D8	4C4629F14477B50684903ABFA8DDF1F66EC97FE6	C3FFC38913C07D19FDB055FE08DF1BA85B28A9F5DD62FAFF6B1D35AD7FC8F70C
Chrome Cache Entry: 152	C++ source, ASCII text	76200595AD6B5469201835C91A1A8B51	2ADDBB11C79466E65F12513A53BC010C7660ADE1	E2F66E34CA383F66CCBD00D98746CAED383873CC7E96CF30A473CFB694010CA6
Chrome Cache Entry: 153	ASCII text, with very long lines (5557)	B4E2745D17EEC199D4EE4708714E2A3C	DF17500844D2A13FCB2A2E0926384A697F3F2997	187BEA2752D6F7562867F31CC83F7548A12D40866E72D684C2EC515089EC6F39
Chrome Cache Entry: 154	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel	E2E00681524827329EC6E6724A9F3F65	D940FA946DC33B8A4862905B8FBDF415F69D78BA	16983963FEDF4C36135CFF37C7A2B380B3953C0B801731AC507A87F4E3849481
Chrome Cache Entry: 155	C++ source, ASCII text	AB00CAA054B8719DE495B413C22C70A3	6A36931F1BB5DCFC841737BF3E507249F879622C	EDD11F645B35649E35F73514ECFD7F59233854C42BE4BFEBCFC97807D6483091

Found iframes

Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-N57LZGJ
Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-N57LZGJ
Source: https://www.onlinedatareports.com/	HTTP Parser: Iframe src: https://secure.livechatinc.com/customer/action/open_chat?license_id=7139371&group=0&embedded=1&widget_version=3&unique_groups=0

HTML body contains low number of good links

Source: https://www.onlinedatareports.com/

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://www.onlinedatareports.com/

HTTP Parser: Title: OnlineDataReports.com does not match URL

Source: https://www.onlinedatareports.com/	HTTP Parser: No favicon
Source: https://secure.livechatinc.com/customer/action/open_chat?license_id=7139371&group=0&embedded=1&widget_version=3&unique_groups=0	HTTP Parser: No favicon

Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onlinedatareports.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: unknown

DNS traffic detected: queries for: url9772.onlinedatareports.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.72.156.109:443 -> 192.168.2.17:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49795 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@15/49@60/274

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://url9772.onlinedatareports.com/ls/click?upn=u001.ixzAc7ho4QPh1ym7GP1v7N8jbteRIgHYy3r13L-2Bxr-2BGNizhKtAWG4WsSaJnHYPG80577_3SwlBiW7haPbr-2F-2BqkjZhZHoWqX-2BW8wdxT8icvQSk-2FNptP5BEOKfRY-2B1Rds5JxogEjAzYGQuo7CfOLZ4FJOOusEyXQcaDvPBy8PXt9nDzeHOGiBNUeTQpW36n1snQjTedeEOPOZpIgHlJcHKc7PWmbriqEzgflRnimClKO-2BzMDAZrQsD-2BTLH7O1eEkGpGPahzhBfByMr9XRQw-2FfEC-2FscM2A-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2004,i,8079371699346967328,3022499890895460892,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2004,i,8079371699346967328,3022499890895460892,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

ID:	1417001
Product:	CloudBasic
Start time:	13:27:27
Start date:	28.03.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs