Windows Analysis Report http://180.104.246.3

Overview

General Information

Sample URL: http://180.104.246.3
Analysis ID: 458985
Infos:

Most interesting Screenshot:
Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown TCP traffic detected without corresponding DNS query: 180.104.246.3
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: Current Session.0.dr String found in binary or memory: http://180.104.246.3/
Source: Current Session.0.dr String found in binary or memory: http://180.104.246.3/d=
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: d782c689-3ce9-4c14-9742-00c6796b20e3.tmp.1.dr, 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://dns.google
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://play.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://www.google.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: 609f01de-31a8-4d6c-8920-8961dceb5737.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: classification engine Classification label: unknown0.win@15/48@2/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6109C27F-1680.pma Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://180.104.246.3'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,17160568527506305237,18363554842373443119,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,17160568527506305237,18363554842373443119,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 458985 URL: http://180.104.246.3 Startdate: 04/08/2021 Architecture: WINDOWS Score: 0 5 chrome.exe 10 35 2->5         started        dnsIp3 11 180.104.246.3, 80 CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince China 5->11 13 192.168.2.1 unknown unknown 5->13 15 239.255.255.250 unknown Reserved 5->15 8 chrome.exe 12 5->8         started        process4 dnsIp5 17 accounts.google.com 216.58.205.77, 443, 49734 GOOGLEUS United States 8->17 19 clients.l.google.com 216.58.208.174, 443, 49733 GOOGLEUS United States 8->19 21 2 other IPs or domains 8->21
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
216.58.208.174
 clients.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
216.58.205.77
 accounts.google.com United States
15169 GOOGLEUS false
180.104.246.3
 unknown China
137702 CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince false

Private
IP
192.168.2.1
127.0.0.1

Contacted Domains

Name IP Active
accounts.google.com 216.58.205.77 true
clients.l.google.com 216.58.208.174 true
clients2.google.com unknown unknown