Analysis Report http://covid19-projections.com/path-to-herd-immunity/

Overview

General Information

Sample URL:	http://covid19-projections.com/path-to-herd-immunity/
Analysis ID:	343639
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.43:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.43:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.67:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.67:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.201.72:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.201.72:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.195.238.30:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.195.238.30:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.184.220.66:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.184.220.66:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.60.209:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.60.209:443 -> 192.168.2.3:49757 version: TLS 1.2

Networking:

Source: global traffic

HTTP traffic detected: GET /path-to-herd-immunity/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid19-projections.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: covid19-projections.com

Source: county_tables_50000[1].htm.3.dr	String found in binary or memory: http://datatables.net/tn/
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: http://feross.org
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: http://syntheti.cc
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://academic.oup.com/cid/article/52/7/911/299077
Source: js[1].js.3.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[1].js.3.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.3.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.3.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: sharethis[1].js.3.dr	String found in binary or memory: https://buttons-config.sharethis.com/js/
Source: sharethis[1].js.3.dr	String found in binary or memory: https://c.sharethis.mgr.consensu.org/cmp-v2.js
Source: sharethis[1].js.3.dr	String found in binary or memory: https://c.sharethis.mgr.consensu.org/cmp.js
Source: sharethis[1].js.3.dr	String found in binary or memory: https://c.sharethis.mgr.consensu.org/is_eu
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://c.sharethis.mgr.consensu.org/portal-v2.html
Source: js[1].js.3.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: vaccination[1].htm.3.dr	String found in binary or memory: https://cdn.plot.ly/plotly-latest.min.js
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://cmmid.github.io/topics/covid19/uk-novel-variant.html
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://coronavirus.jhu.edu/
Source: path-to-herd-immunity[1].htm0.3.dr, YA5UAGMT.htm.3.dr	String found in binary or memory: https://covid.cdc.gov/covid-data-tracker/#vaccinations
Source: YA5UAGMT.htm.3.dr	String found in binary or memory: https://covid19-projections.com/
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/#us-counties-infections-estimates
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/#us-counties-infections-estimatess
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/#view-us-infections-estimates
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/#view-us-infections-estimatesAccept-Encodinggzip
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/#view-us-infections-estimatesd19-projections.com/path-to-herd-immuni
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/H
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/P
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/county_tables_0.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/county_tables_50000.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/county_tables_500000.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/map_slider_current_infected.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/map_slider_total_vaccinations.html
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://covid19-projections.com/infections/summary-counties/
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/infections/summary-counties/tess
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/us-home1.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/us-home2.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/us-home3.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/infections/us-home4.html
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://covid19-projections.com/path-to-herd-immunity/
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/path-to-herd-immunity/Root
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/path-to-herd-immunity/rtificial
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/path-to-herd-immunity/tions.com/path-to-herd-immunity/Root
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/th-to-herd-immunity/
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/th-to-herd-immunity/ection
Source: ~DF36280E3650AB3C97.TMP.2.dr	String found in binary or memory: https://covid19-projections.com/th-to-herd-immunity/y
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/vaccination.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-projections.com/vaccination_cdc.html
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-ptions.com/#us-counties-infections-estimatesRoot
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-ptions.com/#view-us-infections-estimatesRoot
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-ptions.com/infections/summary-counties/tesRoot
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-ptions.com/path-to-herd-immunity/Root
Source: {5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://covid19-ptions.com/th-to-herd-immunity/Root
Source: summary-counties[1].htm0.3.dr, YA5UAGMT.htm.3.dr	String found in binary or memory: https://covidtracking.com/
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: https://feross.org
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: https://github.com/jonschlinkert/pad-left
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: https://github.com/jonschlinkert/repeat-string
Source: js[1].js.3.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://github.com/vividvilla/csvtotable
Source: plotly-latest.min[1].js.3.dr	String found in binary or memory: https://github.com/voidqk/polybooljs
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://github.com/youyanggu/covid19-datasets
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://github.com/youyanggu/covid19-infection-estimates-latest/blob/main/counties/1_latest_percent_
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://github.com/youyanggu/covid19-infection-estimates-latest/tree/main/counties
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://github.com/youyanggu/covid19_projections
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://jamanetwork.com/journals/jama/fullarticle/2772168
Source: js[1].js.3.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.3.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://platform-api.sharethis.com/js/sharethis.js#property=5fd614b8bd937f001265f4d9&product=inline-
Source: sharethis[1].js.3.dr	String found in binary or memory: https://platform-api.sharethis.com/powr.js?platform=sharethis
Source: sharethis[1].js.3.dr	String found in binary or memory: https://platform-cdn.sharethis.com
Source: YA5UAGMT.htm.3.dr	String found in binary or memory: https://platform.twitter.com/widgets.js
Source: widgets[1].js.3.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: sharethis[1].js.3.dr	String found in binary or memory: https://s3.amazonaws.com/sharethis-socialab-prod/share-this-logo%402x.png
Source: summary-counties[1].htm0.3.dr, path-to-herd-immunity[1].htm0.3.dr, YA5UAGMT.htm.3.dr	String found in binary or memory: https://schema.org
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://science.sciencemag.org/content/early/2021/01/06/science.abf4063
Source: sharethis[1].js.3.dr	String found in binary or memory: https://sharethis.com/platform/share-buttons?
Source: analytics[1].js.3.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: YA5UAGMT.htm.3.dr	String found in binary or memory: https://twitter.com/youyanggu
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1337147909955964929
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1337506967095369728
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1338587017966284800
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1338952594492813312
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1343675401436971008
Source: YA5UAGMT.htm.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1347266544946929665
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1348723790017007617
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1349817775909269505
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://twitter.com/youyanggu/status/1352008093652066304
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.biorxiv.org/content/10.1101/2021.01.15.426911v1
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.biorxiv.org/content/10.1101/2021.01.18.426984v1
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.bloomberg.com/graphics/covid-vaccine-tracker-global-distribution/?srnd=premium
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.cdc.gov/mmwr/volumes/70/wr/mm7003e2.htm
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.fda.gov/media/144245/download
Source: js[1].js.3.dr, sharethis[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.3.dr	String found in binary or memory: https://www.google.com
Source: js[1].js.3.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: js[1].js.3.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-162990648-1
Source: js[1].js.3.dr	String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.nejm.org/doi/full/10.1056/NEJMoa2034545?s=09
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://www.nytimes.com/live/2021/01/01/world/covid-19-coronavirus-updates
Source: summary-counties[1].htm0.3.dr, path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://youyanggu.com
Source: summary-counties[1].htm0.3.dr	String found in binary or memory: https://youyanggu.com/images/c19pro_home_2020-12-16.png
Source: path-to-herd-immunity[1].htm0.3.dr	String found in binary or memory: https://youyanggu.com/images/c19pro_path_to_herd_immunity.png

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.43:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.43:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.67:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.86.3.67:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.201.72:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.201.72:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.195.238.30:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.195.238.30:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.184.220.66:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.184.220.66:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.60.209:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.60.209:443 -> 192.168.2.3:49757 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: clean0.win@3/37@9/8

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF6CF6ACDB48787AF8.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2540 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2540 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
93.184.220.66	unknown	European Union	15133	EDGECASTUS	false
143.204.201.72	unknown	United States	16509	AMAZON-02US	false
99.86.3.67	unknown	United States	16509	AMAZON-02US	false
99.86.3.43	unknown	United States	16509	AMAZON-02US	false
151.101.2.217	unknown	United States	54113	FASTLYUS	false
18.195.238.30	unknown	United States	16509	AMAZON-02US	false
185.199.108.153	unknown	Netherlands	54113	FASTLYUS	false
35.158.60.209	unknown	United States	16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
d2znr2yi078d75.cloudfront.net	99.86.3.67	true
dlaj66hdiarg7.cloudfront.net	143.204.201.72	true
httplogserver-lb.global.unified-prod.sharethis.net	18.195.238.30	true
covid19-projections.com	185.199.108.153	true
osff.map.fastly.net	151.101.2.217	true
l.sharethis.mgr.consensu.org	35.158.60.209	true
cs41.wac.edgecastcdn.net	93.184.220.66	true
d1r0ldx4ccoewq.cloudfront.net	99.86.3.43	true
buttons-config.sharethis.com	unknown	unknown
platform-api.sharethis.com	unknown	unknown
l.sharethis.com	unknown	unknown
favicon.ico	unknown	unknown
platform.twitter.com	unknown	unknown
c.sharethis.mgr.consensu.org	unknown	unknown
cdn.plot.ly	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://covid19-projections.com/infections/summary-counties/	false	unknown
https://covid19-projections.com/path-to-herd-immunity/	false	unknown
https://covid19-projections.com/#us-counties-infections-estimates	false	unknown
http://covid19-projections.com/path-to-herd-immunity/	false	unknown
https://covid19-projections.com/	false	unknown
https://covid19-projections.com/#view-us-infections-estimates	false	unknown

ID:	343639
Product:	CloudBasic
Start time:	09:24:45
Start date:	25.01.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\K6NWMUS0\covid19-projections[1].xml	ASCII text, with very long lines, with no line terminators	1E9C9126694738896A4DC9F11BD433C6	47F73A0DE33F2F0E9CDC176189ECA55F9BAE14D1	CCC1BC1ED6EFCD1AE1ABF16B91A58302CBB94D0EB04EEBA860A419E0948689F3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5345F212-5F32-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	AA824D86E144C56846FBF84184EB5502	2F87EE926AA0E2603343A3C0A049FF6D2B94E712	45935F7B966677127BE8EA154CBF23D136995BAF7165374E19E3E987E7FD412F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5345F214-5F32-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	1BF5BC6E426E5CB6BA8AC5986ABACF6E	08F9CE5A516D63D36584DAA7EDE3EB94C9C84D96	1525DD055A79F30C0C2E51D8D3E52AB4F03C9AF6A2762EB6C29F5AAA6403AC8C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A80F409-5F32-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	79CD1ECDE78377CDBF1FA20EA39382EA	2B61A08DAFA0BDBEEC36BBCFAA3805ED95C688E5	42CF6B14281754A50D98874A26BB7CA8EBA37192261A759888BE0D0E21AA64B5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\YA5UAGMT.htm	HTML document, UTF-8 Unicode text, with very long lines	FA4B099BA1D39180518A05800004BB5D	0624964E4D39129C597A55DC3AE017C442847509	9B7D1294D18534FC2949389BC2D75F0E1857607CD3D346B8C231440068DB5397
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js	ASCII text, with very long lines	53EE95B384D866E8692BB1AEF923B763	A82812B87B667D32A8E51514C578A5175EDD94B4	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\map_slider_current_infected[1].htm	HTML document, ASCII text, with very long lines	077A5844986A7FF74A0FF9F3E73561B7	499133F86AC56A68B3AF3DD6C31E61EBBA8EF39F	6D4B84EFC8460B155CD73CB1A2FC1962512B827EB395E948ED25F123A5E2DBEC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\map_slider_total_vaccinations[1].htm	HTML document, ASCII text, with very long lines	C69437BC8036633A61E161D573CC8668	5CABA3EB25F2EFD4F66748001DFCBA01EA6C965D	2325BBBACCC144D68F5909BBE81BB845FDAA080F0813E9AFB0A9B42A57CF40D0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css	ASCII text, with very long lines	8D82B2DA43CED06D3A4A5179FFCA205B	3B954A89024039FECCE145D64288A93DD4ABD2B5	B528422C9403788B85F2CEA345DBBE1B803FAC69F119144286094F4E897E4225
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\us-home1[1].htm	HTML document, ASCII text, with very long lines	8B7368D64C73321D6015F58DF2E9EF15	7DE8E66A35B71F22A6842A59693BF4D7548C18C5	ED14F2B94E11538FAD90A3B3915D3723751008CD45FF5E0B30E78B1A8AF24882
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\us-home2[1].htm	HTML document, ASCII text, with very long lines	B40A6C933DD6C64EDCFBD5B6C5684472	04835EC7B464C9138F2D966F55C776E7F496CF66	C0D06D4EA79A3F71CD55EC33D3021991EB53C522AA41FFB3B2A946B1AB7DB30C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\us-home3[1].htm	HTML document, ASCII text, with very long lines	643ACCBCE49C3B9734088A3ED3AE31E4	46B5790E6CAC115B483AC12955C2C2A81D0161BD	F5F9C1B946EA6830DBE255EAB005B009243D176254B0B6A376F7005E46E35773
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\us-home4[1].htm	HTML document, ASCII text, with very long lines	38872BB7AF114798C6BA1669BAD62B9B	48033F58B5003852EDB4D0F7B92E534EB9671513	16D1C89C36CB93A2FF20815BEE6DD5E72216CB5BE3BFCDBDD4AAEAB7E2394725
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css	ASCII text	1561B66F09CDE805EABFAB2DA360A953	E06ED58997252B681CFFB992EAB6E220A92E1F87	3425109C96FBED965075A759ABE818A2EE4C5F67AC45C75D55D81FA082720DF0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\path-to-herd-immunity[1].htm	HTML document, UTF-8 Unicode text, with very long lines	D5DB9E3193C91F8BFC6D09C4C3800CF8	46BCED20379C37774C52CE0953EF3426D4E34842	0837730E58B1C0F3DCF2A9486B9E2D456F3362BB61D64D0DEC429F4060F74271
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\path-to-herd-immunity[2].htm	HTML document, ASCII text, with CRLF line terminators	4F8E702CC244EC5D4DE32740C0ECBD97	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\plotly-latest.min[1].js	ASCII text, with very long lines	059F6ECFA3930AA0B85B6EF4591390E4	935938DFA32871EED4ED08ADDDAF4B2F4E33224D	AF06677CFF2ACBC483A98B10ABC5184F3D4B4A270B2C3A6A1E498C54FF6A335F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\portal-v2[1].htm	HTML document, ASCII text, with very long lines	411E427F4CDD3BE20C16AE94D6EFB2C6	2B5131D31CC7D8B0B14B24670E7C99120D7C37AF	AC84513C4C5EA7E4458E91C46E33BA71B56E19FABF93CC079FFCB01A975C2E3D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\summary-counties[1].htm	HTML document, UTF-8 Unicode text, with very long lines	C0BB95045B91C97B4D3A23F756EF78E9	1EBACAA0C08152B28426AE2EE58D3DE28937372E	7AB25F7D7BC9512780E897B21176D0866540DA42F8300FDCFC608FA4CEC693FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\county_tables_0[1].htm	HTML document, UTF-8 Unicode text, with very long lines	CDEB0C91654FFD4B9A61B7DE54A0A7FD	9308DF420FF551CB2CBDC27C1A933BBE82F94364	465264A4DBF83F6C40A66DAF38C69C7F0B038955FBD5C2F54F8FD107F634084A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\county_tables_50000[1].htm	HTML document, UTF-8 Unicode text, with very long lines	1BE78C69EB7DF98EC1D5E4AA705269EA	C1DF1DAE6340D94F1B6E8FC7F6F21A7A4D1ED6A0	17509F1500D3D504B6720B9412D638A20586A2DD448F1141A77E194A94DFEA3C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff	Web Open Font Format, TrueType, length 18900, version 1.1	1F85E92D8FF443980BC0F83AD7B23B60	EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D	EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem8YaGs126MiZpBA-UFVZ0d[1].woff	Web Open Font Format, TrueType, length 18100, version 1.1	DE0869E324680C99EFA1250515B4B41C	8033A128504F11145EA791E481E3CF79DCD290E2	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sharethis[1].js	UTF-8 Unicode text, with very long lines	DAF0031178C8A7AA8322F8260F58C9DA	6D093C867056110ED0C0A0EFF0A7E6B5324717B5	DF35EDBDF585AB9F21871115B309FB4CDE4BE9D754C210DFD27CCEC1E0ADA438
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\vaccination[1].htm	HTML document, ASCII text, with very long lines	9AAEB39130EB9F3608CBF62BB8E1A27D	C094EEC0BACE3A1E804E949AC297069F8F3FC511	7E0045E73DAC807F265811B25FD7B0433578BBF31C911DDDC37B303379175763
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\vaccination_cdc[1].htm	HTML document, ASCII text, with very long lines	BE08E9C539B67A0755CB8A15372B01B0	5BFC9454F77B0958D4E79CE8E43D7FC2AB23C851	3EF1A4F049ABFE010979746A1C0152328703C21A2AE455120B1814287C40FE68
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5fd614b8bd937f001265f4d9[1].js	ASCII text, with very long lines, with no line terminators	1268A0AA1879945683CC07C01BD79693	AC141C44E5B9ED21EC302F684264E4F988358131	560E304234997C37B90E5762EBA564D4C40157DA270FB80CAD733A6E3D2DBC79
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\county_tables_500000[1].htm	HTML document, UTF-8 Unicode text, with very long lines	7EEA755076741AB7F490F32896DA9BB0	9FC762A584E44C66659A23740F20D155C47F3B48	8FEC1147F15202E29A6977A0D392707A0EA0E28D04CB3EF96C7282949A9CEB79
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\js[1].js	ASCII text, with very long lines	0B2D560B5B890A5CCED518DA8E832BCA	F884D5CFB13804DB6A3BA7B2D59AFA84CFD95BEB	B2DBC7BBC94A2DE5E0F48327B012DD61A2785B79ACE92C9B0F7BCC39F02EE716
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\path-to-herd-immunity[1].htm	HTML document, ASCII text, with CRLF line terminators	4F8E702CC244EC5D4DE32740C0ECBD97	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\summary-counties[1].htm	HTML document, ASCII text, with CRLF line terminators	4F8E702CC244EC5D4DE32740C0ECBD97	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\usa_110m[1].json	ASCII text, with very long lines, with no line terminators	D6E9BCA5E9558145B6ABB5290BD76866	6DD1FBFC59733E19746E7B923932A865C0980D8B	C97DC0675B4650B266545C96C0C91BD7D59D6528496EFA5AF7BB98BE574CBD39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\usa_110m[2].json	ASCII text, with very long lines, with no line terminators	D6E9BCA5E9558145B6ABB5290BD76866	6DD1FBFC59733E19746E7B923932A865C0980D8B	C97DC0675B4650B266545C96C0C91BD7D59D6528496EFA5AF7BB98BE574CBD39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\widgets[1].js	UTF-8 Unicode text, with very long lines	A671D4D584EF50954E5CEBB21DA17065	8525273807BC78582911A112FEB6DA77E93BEFA0	2B418A10BA4680C77FA07FB0E736EEC6306CBA0DBBBC8DEAC94A25E679178E15
C:\Users\user\AppData\Local\Temp\~DF36280E3650AB3C97.TMP	data	AE4362E4F025294AE4515278726A816C	53913A05A0E5A403202BB3DD7E187B3C193ED7B7	AEEB600A0ED6B9B08E9204FC2E5B763A62001661774881EB065CFF87F817DD92
C:\Users\user\AppData\Local\Temp\~DF6CF6ACDB48787AF8.TMP	data	0DC35471F02911607DE2D28AB7DFE822	795059F3F27F455457ECF26C606DEB26C2C9F89D	6071B2C4737EB422D9E72C379A746890390420C1C885C446EE26EA47761D740E
C:\Users\user\AppData\Local\Temp\~DFB3A424E090788BE9.TMP	data	B9D2F47F1E621EDCE40513732250A706	E70D444615BC8EEC5B52B717167D5D185EFCDF73	F1DC89D8910880EBF2CA544EBAE8FBEA27B72E2D194205998A4ACF210D7089D4

Analysis Report http://covid19-projections.com/path-to-herd-immunity/

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs