Windows Analysis Report
http://links.news.privateinternetaccess.com

Overview

General Information

Sample URL: http://links.news.privateinternetaccess.com
Analysis ID: 1426716

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: http://links.news.privateinternetaccess.com/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224 (1 occurrence)
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 23.220.189.216 (19 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 occurrences)
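The "traffic detected without corresponding DNS query" lines above come from a correlation the signature name implies: every TCP/UDP destination is checked against the A records returned in DNS answers earlier in the capture, and a destination that no answer explains is flagged. The Python below re-implements that correlation over a constructed event timeline (an assumption, not the report's pcap) so the heuristic's edge cases are visible: traffic to the resolver itself (1.1.1.1 here) is flagged unless resolvers are excluded, and a connection whose SYN precedes its own DNS answer in the capture is flagged even though the name was queried. This is an added example, not Joe Sandbox code; the Event class, its field names and the sample timeline are assumptions.

```python
"""Re-implementation of the 'traffic without corresponding DNS query'
heuristic over an in-memory event list. Added example; not sandbox code."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: float                       # seconds since capture start
    kind: str                       # "dns_answer", "tcp" or "udp"
    dst: str                        # destination IP of the packet
    name: str = ""                  # dns_answer only: the queried name
    answers: Tuple[str, ...] = ()   # dns_answer only: A records returned


# Constructed timeline (assumption, not the report's pcap). The IPs are the
# ones the report lists; ordering and timing are invented to show the edge
# cases the heuristic has.
SAMPLE_EVENTS: List[Event] = [
    Event(0.00, "udp", "1.1.1.1"),                         # the DNS query itself
    Event(0.01, "tcp", "23.220.189.216"),                  # SYN before the answer is seen
    Event(0.02, "dns_answer", "1.1.1.1",
          "links.news.privateinternetaccess.com", ("23.220.189.216",)),
    Event(0.05, "tcp", "23.220.189.216"),                  # explained by the answer
    Event(0.06, "tcp", "23.220.189.216"),
    Event(0.30, "tcp", "104.46.162.224"),                  # no answer in capture
    Event(0.31, "tcp", "173.222.162.32"),                  # no answer in capture
    Event(1.00, "udp", "1.1.1.1"),                         # another query
]

Hit = Tuple[str, str]   # (protocol, destination IP)


def undns_traffic(events: Iterable[Event],
                  resolvers: frozenset = frozenset({"1.1.1.1"})) -> Dict[Hit, int]:
    """Count TCP/UDP packets to destinations that no *earlier* DNS answer
    returned. Events are processed in timestamp order, so a connection that
    races its own DNS answer is flagged; traffic to a known resolver is
    skipped because a query never has a 'corresponding' answer for itself."""
    resolved = set()
    hits: Dict[Hit, int] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns_answer":
            resolved.update(ev.answers)
            continue
        if ev.dst in resolvers or ev.dst in resolved:
            continue
        key = (ev.kind.upper(), ev.dst)
        hits[key] = hits.get(key, 0) + 1
    return hits


def report_lines(hits: Dict[Hit, int]) -> List[str]:
    """Render hits the way the sandbox report phrases them, one line per
    destination with an occurrence count instead of one line per packet."""
    return [f"{proto} traffic detected without corresponding DNS query: {ip} ({n}x)"
            for (proto, ip), n in sorted(hits.items())]


if __name__ == "__main__":
    for line in report_lines(undns_traffic(SAMPLE_EVENTS)):
        print(line)
```

Run stand-alone it prints the three TCP destinations; pass `resolvers=frozenset()` to see the resolver's own UDP traffic show up, which is what happens when the analysis does not know which host is the DNS server.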
Source: global traffic HTTP traffic detected:
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: TEMP_DATA=d1b73f98-64ec-44d4-9972-5f21467405a2; path=/
Date: Tue, 16 Apr 2024 12:17:37 GMT
Content-Length: 678
Data Raw (gzip-compressed body): 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae 4f bf 3c 79 f3 fb bc 3c 4d e7 ed a2 4c 5f 7e f5 e4 f9 d9 49 fa d1 f6 dd bb df bd 77 72 f7 ee d3 37 4f d3 df fb db 6f be 78 9e ee 8e 77 d2 37 75 b6 6c 8a b6 a8 96 59 79 f7 ee e9 8b 8f d2 8f e6 6d bb 7a 74 f7 ee d5 d5 d5 f8 ea de b8 aa 2f ee be 79 75 f7 1d 60 ed e2 65 fd 75 bb f5 de 1c cf da d9 47 47 bf 71 f2 18 5f a5 ef 16 e5 b2 f9 2c 02 67 f7 e1 c3 87 f2 fa 47 29 b7 ce b3 19 fd fc b1 c7 6d d1 96 39 fd 96 d2 f3 ac aa d3 66 3d 69 a6 75 31 c9 6b 6a 75 d7 7c fb 63 8f 17 79 9b a5 cb 6c 91 7f f6 51 5d 4d aa b6 f9 28 9d 56 cb 36 5f b6 9f 7d b4 ac 8a e5 2c 7f 37 5a 56 e7 55 59 56 57 1f a5 77 bb ef 5c 54 d5 45 99 07 ef f0 28 ca ac a5 4f d1 fc f1 5d c5 e9 f1 a4 9a 5d d3 cf 1f 7b 3c 2b 2e f1 f3 c7 e8 b3 b2 58 be 4d e7 75 7e fe d9 47 77 9b f6 ba cc 9b bb 79 5d 57 f5 ef 71 f9 d9 d3 ac c9 9b cb ed 2f 9b c5 f1 f3 df bb 7c 70 f1 13 5f be 3a fb bd 2f 26 c7 cf ef b7 5f ee 4e a6 d9 ab ef 1e 2f 5e dd ff fc f7 df 29 4e 77 3f 4a eb bc fc ec 23 81 30 cf f3 f6 23 74 8d ff d0 59 3a 2d b3 86 c8 77 fa 7a fb 65 76 91 6f 7f 9b 10 ca eb 8f 52 6e fe d9 47 8b ac be 28 96 db 6d b5 7a 94 de df 59 bd 3b 04 dd 7f ec f1 7c ef e8 f7 a9 d6 e9 3c bb cc 09 7a 36 9d e7 b3 b4 9d e7 29 a3 dc e4 f5 65 5e 8f 69 70 7b a6 f1 d9 79 7a 6d da 67 cb eb f4 17 ad f3 06 73 d9 a4 17 55 3a c9 a6 6f d3 b6 42 8b 3a cd 17 59 51 52 9b 19 c1 5d 95 d7 0e ca 0a 58 ff 18 41 bb 67 a0 9d e7 79 89 5f 7e e1 8f df 7b 78 48 80 eb 7c 9a 17 97 84 49 96 2e f2 a6 a1 d1 a4 e7 75 b5 48 01 56 70 6a d2 ab a2 9d 57 eb 16 af d1 64 af f2 7a 51 34 0d 21 32 4a 57 65 4e 44 4d cf ab fa 2a ab 67 69 d1 02 a5 6c b2 6e f2 df 33 7f 47 0d db 26 a7 09 af c7 d3 6a 41 38 dd 23 64 1e df 25 fa d1 cf 1f 33 bf 3c be ab d3 48 0d 88 eb 8e fe 1f 91 26 54 37 1b 03 00 00
Data Ascii (rendering of the compressed bytes, not of the page): `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~|?"O<y<ML_~Iwr7Ooxw7ulYymzt/yu`euGGq_,gG)m9f=iu1kju|cylQ]M(V6_},7ZVUYVWw\TE(O]]{<+.XMu~Gwy]Wq/|p_:/&_N/^)Nw?J#0#tY:-wzevoRnG(mzY;|<z6)e^ip{yzmgsU:oB:YQR]XAgy_~{xH|I.uHVpjWdzQ4!2JWeNDM*giln3G&jA8#d%3<H&T7
Source: global traffic HTTP traffic detected:
HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/css; charset=utf-8
Content-Encoding: gzip
Expires: Wed, 16 Apr 2025 12:17:38 GMT
Last-Modified: Tue, 16 Apr 2024 12:17:38 GMT
Vary: User-Agent,Accept-Encoding
Date: Tue, 16 Apr 2024 12:17:38 GMT
Content-Length: 495
Data Raw (gzip-compressed body): 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 26 d5 ec fa 17 9f 57 cb 76 fb 3c 5b 14 e5 f5 a3 e3 ba c8 ca 43 fe a4 29 7e 90 3f da dd 5b bd 3b 5c 64 f5 45 b1 7c b4 73 b8 ca 66 b3 62 79 f1 68 e7 97 9c 57 f5 e2 17 47 3e ff f1 d3 d7 db 5f 64 c5 72 fb 24 5f b6 79 9d cf 7e f1 55 31 6b e7 8f 3e dd d9 71 80 b2 75 5b 99 77 b6 db 6a f5 e8 3e be 34 1f 4c aa b6 ad 16 8f 1e e2 b3 49 36 7d 7b 51 57 eb e5 6c 7b 55 35 45 5b 54 cb 47 75 71 31 6f 53 69 e5 37 a8 f3 55 9e b5 8f 96 95 fe d6 c7 25 2d 16 17 63 fa f0 79 75 51 29 f2 db 65 7e de 3e da 45 5f fa 81 00 e6 8f 1c 84 27 d5 bb 5f 3c a9 ea 59 5e 3f 6a aa b2 98 a5 bb ab 77 e9 8f 4f cf f1 df a1 8c 70 ff 80 de 30 83 e0 d7 cd 1f 06 e4 de 7d 02 39 2b 2e 81 c2 97 ab 6c 5a b4 d7 0f ee ff 62 6f 04 c5 22 bb c8 1f ad eb 72 eb e3 bb 27 34 05 84 f6 dd b3 c5 c5 dd ca 34 1e af 96 17 1f df f1 07 6d a9 82 71 a4 44 4b ff 4b a1 c3 23 f9 61 7a 7e 49 7d 6c 7f 3b cf 68 2c e9 7c ef 17 4f ab b2 aa 1f fd f8 a7 9f 7e ea cd fa 1e b0 17 7a d0 ec ce 73 50 9c d1 3f ac 2e f3 fa bc ac ae 1e cd 8b d9 2c 5f 1e b6 f9 bb 76 3b 2b 8b 8b e5 a3 29 a1 9b d7 fa 1a 4f 2b 88 10 ed f6 9e e9 f6 e1 c3 87 5e b7 cc 6c fc e7 95 74 b9 24 2e 23 76 14 90 84 49 af b7 5f f2 ff 00 1a df 99 f0 c1 02 00 00
Data Ascii (rendering of the compressed bytes, not of the stylesheet): `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~|?"&Wv<[C)~?[;\dE|sfbyhWG>_dr$_y~U1k>qu[wj>4LI6}{QWl{U5E[TGuq1oSi7U%-cyuQ)e~>E_'_<Y^?jwOp0}9+.lZbo"r'44mqDKK#az~I}l;h,|O~zsP?.,_v;+)O+^lt$.#vI_
Source: global traffic HTTP traffic detected:
GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
Source: global traffic HTTP traffic detected:
GET / HTTP/1.1
Host: links.news.privateinternetaccess.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
GET /styles/error?v=Dasesv-OsmALXl7gQORIXgbAL5tO1bcaRWAmR5G_0iE1 HTTP/1.1
Host: links.news.privateinternetaccess.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://links.news.privateinternetaccess.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: TEMP_DATA=d1b73f98-64ec-44d4-9972-5f21467405a2
Source: global traffic HTTP traffic detected:
GET /favicon.ico HTTP/1.1
Host: links.news.privateinternetaccess.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://links.news.privateinternetaccess.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: TEMP_DATA=d1b73f98-64ec-44d4-9972-5f21467405a2
Source: unknown DNS traffic detected: queries for: links.news.privateinternetaccess.com
Source: global traffic HTTP traffic detected:
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Apr 2024 12:17:38 GMT
Content-Length: 1432
Data Raw (decoded from the report's hex dump, which ends mid-tag):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
    <title>
    ExpertSender : Error 404
</title>
    <meta name="google" content="notranslate" />
    <meta name="robots" content="noindex,nofollow" />
    <link rel="icon" href="/Home/Favicon" />
    <link rel="shortcut icon" href="/Home/Favicon" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />

    <link href="/styles/error?v=Dasesv-OsmALXl7gQORIXgbAL5tO1bcaRWAmR5G_0iE1" rel="stylesheet"/>

    <link href="/styles/mainstyles?v=AWvE7Ku8--djHFa9mn0NdUbM9oUR67E2UJfEP7U2yeM1" rel="stylesheet"/>

    <link rel="stylesheet" href="/Content/pref.min.css" />

    <script type="text/javascript" src="https://code.jquery.com/jquery-2.2.3.min.js"></script>
    <script type="text/javascript" src="https://code.jquer
(dump truncated in the report)
Source: chromecache_42.2.dr String found in binary or memory: http://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/jquery.validate.js
Source: chromecache_42.2.dr String found in binary or memory: https://code.jquery.com/jquery-2.2.3.min.js
Source: chromecache_42.2.dr String found in binary or memory: https://code.jquery.com/jquery-migrate-1.2.1.min.js
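The HTTP records above are the raw material for two checks a practitioner would run on a URL sample like this one: whether the Set-Cookie in the 200 response carries Secure, HttpOnly and SameSite (the one above carries only path=/), and which origins the page pulls script from (the cached file references both https://code.jquery.com and a plain-http ajax.aspnetcdn.com URL, the latter being injectable by anyone on the path). The Python below parses a sandbox-style record, a CRLF header block plus a "Data Raw" hex body, gunzips the body when Content-Encoding says gzip, cross-checks Content-Length against the dump, and runs both checks. This is an added example, not the sandbox's code; the header block mirrors the report's 200 response, but the body is a constructed page built and gzipped inline, so the hex is not the report's dump.

```python
"""Decode a sandbox-style HTTP response record (headers + 'Data Raw' hex)
and audit cookie attributes and external script origins. Added example."""
import gzip
import re
from typing import Dict, List, Tuple

# Constructed body (assumption, not the real 404 page): two external scripts,
# one over https and one over plain http, like the strings the report lists.
_BODY_HTML = (
    '<html><head><title>Error 404</title>'
    '<script src="https://code.jquery.com/jquery-2.2.3.min.js"></script>'
    '<script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/jquery.validate.js"></script>'
    '</head><body></body></html>'
)
_BODY_GZ = gzip.compress(_BODY_HTML.encode("utf-8"))

# Header block mirroring the report's 200 response; Content-Length is set
# to the constructed body so the length check below passes.
SAMPLE_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Encoding: gzip\r\n"
    "Set-Cookie: TEMP_DATA=d1b73f98-64ec-44d4-9972-5f21467405a2; path=/\r\n"
    f"Content-Length: {len(_BODY_GZ)}\r\n"
    "\r\n"
)
SAMPLE_DATA_RAW = _BODY_GZ.hex(" ")   # "1f 8b 08 00 ..." as the report prints it

Headers = Dict[str, List[str]]


def parse_headers(block: str) -> Tuple[str, Headers]:
    """Split a CRLF header block into (status line, {lower-name: [values]}).
    Values are lists because Set-Cookie legitimately repeats."""
    lines = block.split("\r\n")
    headers: Headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def decode_body(headers: Headers, data_raw_hex: str) -> bytes:
    """Turn the hex dump back into bytes, refuse a dump that does not match
    Content-Length (a truncated dump would otherwise fail inside gunzip with
    a less useful error), and gunzip if the server said gzip."""
    raw = bytes.fromhex(data_raw_hex)
    declared = headers.get("content-length")
    if declared and int(declared[0]) != len(raw):
        raise ValueError(f"Content-Length {declared[0]} != {len(raw)} bytes in dump")
    if any("gzip" in v.lower() for v in headers.get("content-encoding", [])):
        return gzip.decompress(raw)
    return raw


def cookie_findings(headers: Headers) -> List[str]:
    """Report each Set-Cookie that lacks Secure, HttpOnly or SameSite."""
    findings: List[str] = []
    for sc in headers.get("set-cookie", []):
        parts = [p.strip() for p in sc.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for needed in ("secure", "httponly", "samesite"):
            if needed not in attrs:
                findings.append(f"{name}: missing {needed}")
    return findings


_SRC_RE = re.compile(r'<script[^>]*\ssrc=["\']([^"\']+)["\']', re.I)


def script_origins(html: bytes) -> List[Tuple[str, str]]:
    """(url, scheme) for every external script in the body."""
    text = html.decode("utf-8", "replace")
    return [(u, u.split(":", 1)[0].lower()) for u in _SRC_RE.findall(text)]


def audit(header_block: str, data_raw_hex: str) -> dict:
    status, headers = parse_headers(header_block)
    body = decode_body(headers, data_raw_hex)
    return {
        "status": status,
        "cookie_findings": cookie_findings(headers),
        "plaintext_scripts": [u for u, scheme in script_origins(body) if scheme == "http"],
        "body_len": len(body),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, SAMPLE_DATA_RAW))
```

To use it on a real record, paste the report's header lines with CRLF line endings into `header_block` and the "Data Raw" hex string into `data_raw_hex`; the Content-Length check is what tells you the report's dump was truncated, as it is for the 404 response above.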
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: classification engine Classification label: clean0.win@16/6@4/4
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2004,i,10016512260190257844,12287985651076443221,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://links.news.privateinternetaccess.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (12 occurrences)
Source: Window Recorder Window detected: More than 3 window changes detected