Analysis Report http://www.laporcovid19.org

Overview

General Information

Sample URL: http://www.laporcovid19.org
Analysis ID: 397950

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Found iframes
HTML title does not match URL
Unusual large HTML page

Found iframes
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2143399696&timestamp=1619478701806
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
HTML title does not match URL
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Title: YouTube does not match URL
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1660048
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&btmpl=popup&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fpost_login%26feature%3Dshortcut&hl=en&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: www.laporcovid19.org
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: laporcovid19.org
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: www.laporcovid19.org
Source: d7301d588c29468b_0.0.dr String found in binary or memory: https://forum.laporcovid19.org/
Source: d7301d588c29468b_0.0.dr String found in binary or memory: https://github.com/mathiasbynens/CSS.escape).
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://i.ytimg.com
Source: Current Session.0.dr String found in binary or memory: https://laporcovid19.org
Source: Network Action Predictor-journal.0.dr, 586efb0622951409_0.0.dr, 6fdde531359d58b6_0.0.dr, Favicons-journal.0.dr String found in binary or memory: https://laporcovid19.org/
Source: History Provider Cache.0.dr String found in binary or memory: https://laporcovid19.org/23LaporCovid-19
Source: Current Session.0.dr String found in binary or memory: https://laporcovid19.org/3LaporCovid-19
Source: 13198f6293cb0d13_0.0.dr String found in binary or memory: https://laporcovid19.org/H
Source: 5ae83a951500f4f1_0.0.dr String found in binary or memory: https://laporcovid19.org/I
Source: History-journal.0.dr String found in binary or memory: https://laporcovid19.org/LaporCovid-19
Source: 08a027927af6e12c_0.0.dr String found in binary or memory: https://laporcovid19.org/R
Source: 08a027927af6e12c_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/02731e2.js
Source: 08a027927af6e12c_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/02731e2.jsaD
Source: 586efb0622951409_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/113a2f4.js
Source: 586efb0622951409_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/113a2f4.jsaD
Source: 3628128b7cb7b3ec_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/14b25ad.js
Source: 3628128b7cb7b3ec_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/14b25ad.jsaD
Source: 99746ad493b8171a_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/1725d6d.js
Source: 99746ad493b8171a_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/1725d6d.jsaD
Source: ad16b5408654ed52_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/3023af3.js
Source: ad16b5408654ed52_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/3023af3.jsaD
Source: 6fdde531359d58b6_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/696116c.js
Source: 6fdde531359d58b6_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/696116c.jsaD
Source: 75802e05d48dc972_0.0.dr, d7301d588c29468b_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/6ca9ecf.js
Source: d7301d588c29468b_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/6ca9ecf.jsaD
Source: 9d6d19f482de5a7d_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/71744e7.js
Source: 9d6d19f482de5a7d_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/71744e7.jsaD
Source: c4e0918b4735a4bb_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/758f5b5.js
Source: c4e0918b4735a4bb_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/758f5b5.jsaD
Source: a7a0299e641655a5_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/7cd4187.js
Source: a7a0299e641655a5_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/7cd4187.jsaD
Source: b7791abd66804a67_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/7f26880.js
Source: b7791abd66804a67_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/7f26880.jsaD
Source: 5ae83a951500f4f1_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/aa5b96e.js
Source: 5ae83a951500f4f1_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/aa5b96e.jsaD
Source: 34cadc32b20ec592_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/d2fd471.js
Source: 34cadc32b20ec592_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/d2fd471.jsaD
Source: 55474a2cdb068b88_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/e89325f.js
Source: 55474a2cdb068b88_0.0.dr String found in binary or memory: https://laporcovid19.org/_nuxt/e89325f.jsaD
Source: 13198f6293cb0d13_0.0.dr String found in binary or memory: https://laporcovid19.org/cdn-cgi/bm/cv/669835187/api.js
Source: Favicons-journal.0.dr String found in binary or memory: https://laporcovid19.org/favicon.ico
Source: ad16b5408654ed52_0.0.dr String found in binary or memory: https://laporcovid19.org/jk
Source: Current Session.0.dr String found in binary or memory: https://laporcovid19.orgh
Source: 6fdde531359d58b6_0.0.dr String found in binary or memory: https://nakes.laporcovid19.org/
Source: 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: ef7caa204c1b984e_0.0.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 9d6d19f482de5a7d_0.0.dr String found in binary or memory: https://peta.laporcovid19.org/
Source: 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://play.google.com
Source: c4e0918b4735a4bb_0.0.dr String found in binary or memory: https://pvi.laporcovid19.org/
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://r5---sn-h0jeen7d.gvt1.com
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: 5b7afd9443462a0b_0.0.dr String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.kUju4RKWvZk.O/am=A4O4YYMCNAAIQAAA
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://static.doubleclick.net
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: d7301d588c29468b_0.0.dr String found in binary or memory: https://twitter.com/LaporCovid
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.google-analytics.com
Source: 3ae0c9815dce8653_0.0.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: manifest.json0.0.dr, 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.google.com
Source: Network Action Predictor-journal.0.dr, manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: Favicons-journal.0.dr String found in binary or memory: https://www.google.com/favicon.ico
Source: Favicons-journal.0.dr String found in binary or memory: https://www.google.com/favicon.ico(
Source: d894af6cc49377fb_0.0.dr String found in binary or memory: https://www.google.com/js/th/hlLHYuMj9gNC5zTdq--KBNr5YWNPOXBLIpYMmShXYzs.js
Source: d894af6cc49377fb_0.0.dr String found in binary or memory: https://www.google.com/js/th/hlLHYuMj9gNC5zTdq--KBNr5YWNPOXBLIpYMmShXYzs.jsaD
Source: 783a744b2b46364f_0.0.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 5a4ff1d6-afe2-43bf-b831-297da7da3016.tmp.1.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: bcb193756032fcc9_0.0.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.ConsentUi.en._7XOn5LT8K8.es5.O/ck=boq
Source: 39986ccdf0da7184_0.0.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: d7301d588c29468b_0.0.dr String found in binary or memory: https://www.instagram.com/laporcovid19/
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.laporcovid19.org
Source: History-journal.0.dr, Favicons-journal.0.dr String found in binary or memory: https://www.laporcovid19.org/
Source: History Provider Cache.0.dr String found in binary or memory: https://www.laporcovid19.org/23LaporCovid-19
Source: History-journal.0.dr String found in binary or memory: https://www.laporcovid19.org/LaporCovid-19
Source: Current Session.0.dr, 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://www.youtube.com
Source: 000003.log0.0.dr String found in binary or memory: https://www.youtube.com/
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/channel/UCboLp6FcRL5LbKL46sXBXlg
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/channel/UCboLp6FcRL5LbKL46sXBXlg?feature=emb_ch_name_ex
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/channel/UCboLp6FcRL5LbKL46sXBXlg?feature=emb_ch_name_exBefore
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/channel/UCboLp6FcRL5LbKL46sXBXlgBefore
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/embed/0rMjn0gn3-s
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/embed/0rMjn0gn3-sYouTube
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/embed/0rMjn0gn3-sYouTube/
Source: Favicons.0.dr String found in binary or memory: https://www.youtube.com/favicon.ico
Source: Favicons.0.dr String found in binary or memory: https://www.youtube.com/favicon.ico&
Source: baf039634a1a22d3_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/fetch-polyfill.vflset/fetch-polyfill.js
Source: baf039634a1a22d3_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/fetch-polyfill.vflset/fetch-polyfill.jsaD
Source: ef7caa204c1b984e_0.0.dr, b06ea7729b30c0bd_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/base.js
Source: ef7caa204c1b984e_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/base.jsaD
Source: b0a360ceeb8dc1d8_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/embed.js
Source: b0a360ceeb8dc1d8_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/embed.jsaD
Source: 2563e2cfdae02f95_0.0.dr, 39986ccdf0da7184_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/remote.js
Source: 39986ccdf0da7184_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/player_ias.vflset/en_US/remote.jsaD
Source: f374efe77d747fee_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/www-embed-player.vflset/www-embed-player.js
Source: 3edafc1cfda525f9_0.0.dr String found in binary or memory: https://www.youtube.com/s/player/fa244a41/www-embed-player.vflset/www-embed-player.jsaD
Source: Current Session.0.dr, History-journal.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_login
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_login2
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_loginP-E
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_loginV
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_loginYouTube
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/signin?context=popup&next=https%3A%2F%2Fwww.youtube.com%2Fpost_loginYouTube/
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/watch?v=0rMjn0gn3-s
Source: Current Session.0.dr String found in binary or memory: https://www.youtube.com/watch?v=0rMjn0gn3-s&feature=emb_imp_woyt
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/watch?v=0rMjn0gn3-s&feature=emb_imp_woytBefore
Source: History-journal.0.dr String found in binary or memory: https://www.youtube.com/watch?v=0rMjn0gn3-sBefore
Source: baf039634a1a22d3_0.0.dr, d894af6cc49377fb_0.0.dr String found in binary or memory: https://youtube.com/
Source: 335e69ddec2b9ac6_0.0.dr String found in binary or memory: https://youtube.com/F
Source: b0a360ceeb8dc1d8_0.0.dr String found in binary or memory: https://youtube.com/Q$#
Source: f374efe77d747fee_0.0.dr String found in binary or memory: https://youtube.com/U
Source: 335e69ddec2b9ac6_0.0.dr String found in binary or memory: https://youtube.com/V
Source: 335e69ddec2b9ac6_0.0.dr String found in binary or memory: https://youtube.com/m
Source: 2a52b76b-550d-411b-9675-677450b0d02b.tmp.1.dr String found in binary or memory: https://yt3.ggpht.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: classification engine Classification label: clean1.win@49/215@13/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60874893-1790.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\678ed17a-be3b-4a11-a0ec-599f1a67656d.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'http://www.laporcovid19.org'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,11939290187013884241,7043982140473784357,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1636,11939290187013884241,7043982140473784357,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5720 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1636,11939290187013884241,7043982140473784357,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Behavior Graph ID: 397950, URL: http://www.laporcovid19.org, Startdate: 26/04/2021, Architecture: WINDOWS, Score: 1

Contacted Public IPs

IP Domain Country ASN ASN Name Malicious
172.217.23.1 photos-ugc.l.googleusercontent.com United States 15169 GOOGLEUS false
172.217.23.86 i.ytimg.com United States 15169 GOOGLEUS false
239.255.255.250 unknown Reserved unknown unknown false
172.217.23.66 googleads.g.doubleclick.net United States 15169 GOOGLEUS false
104.21.85.166 laporcovid19.org United States 13335 CLOUDFLARENETUS false

Private

IP
192.168.2.1
192.168.2.5
192.168.2.22
192.168.2.30
127.0.0.1

Contacted Domains

Name IP Active
laporcovid19.org 104.21.85.166 true
googleads.g.doubleclick.net 172.217.23.66 true
www.laporcovid19.org 104.21.85.166 true
i.ytimg.com 172.217.23.86 true
photos-ugc.l.googleusercontent.com 172.217.23.1 true
consent.youtube.com 172.217.23.46 true
cms.laporcovid19.org 172.67.207.167 true
googlehosted.l.googleusercontent.com 172.217.23.1 true
clients2.googleusercontent.com unknown unknown
yt3.ggpht.com unknown unknown
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown
static.doubleclick.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.youtube.com/embed/0rMjn0gn3-s false
  high
http://www.laporcovid19.org/ false
  • Avira URL Cloud: safe
  unknown
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D0rMjn0gn3-s&gl=DE&m=0&pc=yt&uxe=23983172&hl=en&src=1 false
  high
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCboLp6FcRL5LbKL46sXBXlg&gl=DE&m=0&pc=yt&uxe=23983172&hl=en&src=1 false
  high
http://laporcovid19.org/ false
  • Avira URL Cloud: safe
  unknown
https://laporcovid19.org/ false
  unknown
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCboLp6FcRL5LbKL46sXBXlg%3Ffeature%3Demb_ch_name_ex&gl=DE&m=0&pc=yt&uxe=23983172&hl=en&src=1 false
  high
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D0rMjn0gn3-s%26feature%3Demb_imp_woyt&gl=DE&m=0&pc=yt&uxe=23983172&hl=en&src=1 false
  high