Windows Analysis Report ATT24207.html

Overview

General Information

Sample Name: ATT24207.html
Analysis ID: 502671
MD5: 29e469d37ccfa7a163da4ed671bf14e2
SHA1: 3eb92a8efc70db1864cbf69b16938d75dadce934
SHA256: e45e1a7b4d3c9f67921c3ad5a8d58058f4f390e016346c183118143b5c8e4f8c
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish44
Phishing site detected (based on image similarity)
No HTML title found
JA3 SSL client fingerprint seen in connection with other malware
HTML body contains low number of good links
IP address seen in connection with other malware
Submit button contains javascript call

Classification

Phishing:

barindex
Yara detected HtmlPhish44
Source: Yara match File source: ATT24207.html, type: SAMPLE
Phishing site detected (based on image similarity)
Source: file:///C:/Users/user/Desktop/ATT24207.html?bbre=1634226343231#/1634226343231-@&WQ3JwLcquUHyk5hzPVseNTK4t!&@R6wPnDsXgHNIv2fx!&@-ZWxpc2FiZXRoLmdhbGxleUBjaHV2LmNo-1634226343231/1634226343231 Matcher: Found strong image similarity, brand: Microsoft image: 81505.1.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
No HTML title found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: HTML title missing
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: Number of links: 0
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: Number of links: 0
Submit button contains javascript call
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&id=292841&uiflavor=web&cobrandid=723718773160&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&bk=1526624084 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1526624083%26rver%3D6.7.6640.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015%26contextid%3D982B2F78FD1575EA%26bk%3D1526624084&amp;id=292841&amp;uiflavor=web&amp;cobrandid=723718773160&amp;uaid=71693e68d6ab4064b6ac1c2f53d534bb&amp;mkt=EN-US&amp;lc=1033&amp;bk=1526624084 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\2200_1522987924\LICENSE.txt Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49849 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49850 version: TLS 1.2

Networking:

barindex
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.16.18.94 104.16.18.94
Source: Joe Sandbox View IP Address: 104.16.18.94 104.16.18.94
Source: Joe Sandbox View IP Address: 67.199.248.11 67.199.248.11
Source: Joe Sandbox View IP Address: 67.199.248.11 67.199.248.11
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49680
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49678
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.49.139.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.49.139.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.49.139.27
Source: unknown TCP traffic detected without corresponding DNS query: 23.49.139.27
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown TCP traffic detected without corresponding DNS query: 104.127.115.201
Source: unknown TCP traffic detected without corresponding DNS query: 104.127.115.201
Source: unknown TCP traffic detected without corresponding DNS query: 104.127.115.201
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown TCP traffic detected without corresponding DNS query: 95.100.218.151
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.143
Source: Ruleset Data.0.dr String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: angular.js.0.dr String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=9GZUHXTtvE%2F15QkRa0W4K7oUlqhobZhX9fBp7Ouq2oruVaHd5me7bDA9v
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=WBIgPf73%2BWxk5oUE8vtcPgBls90hzqDwCB4Vye3y%2F4znIs8zLZAiCeV
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Source: data_1.1.dr String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfa
Source: Network Action Predictor.0.dr String found in binary or memory: https://account.live.com/
Source: History.0.dr String found in binary or memory: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3Fwa%3Dwsignin1.
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_HFeToeM4u6fzMQF_f_rQ5Q
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/AppCentipede/AppCentipede_Microsoft_white_ufRYlllWOw4YyDRi
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_Gray_X-qkgtg8KmnQEvm_9mDTcw2.svg5x
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/Microsoft_Logotype_White_4MYDQRab31HKDWWN-1HafA2.svg
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/favicon.ico
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/favicon.ico4
Source: data_1.1.dr String found in binary or memory: https://account.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: Current Session.0.dr String found in binary or memory: https://account.live.com/password/reset
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: Network Action Predictor.0.dr String found in binary or memory: https://acctcdn.msauth.net/
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/accountcorepackage_tJqkxod2akFqIDWp-BRsNA2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1$
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svgw
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
Source: data_1.1.dr, Favicons.0.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1:.
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=17-
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1a
Source: data_1.1.dr String found in binary or memory: https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://ajax.googleapis.com
Source: data_1.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: data_1.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.jso
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: Current Session.0.dr String found in binary or memory: https://bit.ly/2UqudLY
Source: History.0.dr String found in binary or memory: https://bit.ly/2UqudLYRecover
Source: mirroring_common.js.0.dr String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js?
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js
Source: data_1.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.jsf
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json3.0.dr, manifest.json.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCZ1PG8T4iKcFEgk
Source: manifest.json4.0.dr String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: Reporting and NEL.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, e77329a5-9a19-4dc2-b9ef-e00baa5a174a.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr, 3cddfce6-c5a2-4d2c-9441-dd7beef21176.tmp.1.dr String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr String found in binary or memory: https://docs.google.com
Source: LICENSE.txt.0.dr String found in binary or memory: https://easylist.to/)
Source: manifest.json4.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json4.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json4.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr String found in binary or memory: https://github.com/angular/material
Source: LICENSE.txt.0.dr String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json4.0.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_1.1.dr String found in binary or memory: https://kifot.wancdnapp.page/616700eab73a140ba8549ca3.js
Source: mirroring_common.js.0.dr String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json1.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com
Source: data_3.1.dr String found in binary or memory: https://r4---sn-4g5ednsd.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=102.1
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.1.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/332031507388606b90fee610b57841a3.js
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.j
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/css/afa6a734c2a7acf6d83fe55994ffbde1nbr16341403
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/css/b54d64bedeab2e123782af00bf32d7banbr16341403
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg9
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg
Source: data_1.1.dr String found in binary or memory: https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301634140370.j
Source: craw_window.js.0.dr, manifest.json1.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_1.1.dr, Favicons.0.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
Source: data_1.1.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~r
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json66.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json66.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: data_1.1.dr String found in binary or memory: https://unpkg.com/axios
Source: data_1.1.dr String found in binary or memory: https://unpkg.com/lodash
Source: data_1.1.dr String found in binary or memory: https://unpkg.com/vue
Source: data_1.1.dr String found in binary or memory: https://unpkg.com/vue-router
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, manifest.json4.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json4.0.dr String found in binary or memory: https://www.google.com;
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json4.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 2078af3a-2234-447c-8802-e19ca7fbe715.tmp.1.dr, 0f570192-92cc-492d-bde8-56eed6a617b2.tmp.1.dr, 17715a59-2c8c-4df5-a97d-899f3b6e68cf.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json4.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 18.10.0.17134.0.0; IDCRL-cfg 16.000.27716.00; App svchost.exe, 10.0.17134.1, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4740Host: login.live.com
Source: unknown DNS traffic detected: queries for: accounts.google.com
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:BE8AB8DF-DCD1-3523-4A95-3A04EAFF1CBA&ctry=US&time=20211014T154526Z&lc=en-US&pl=en-US&idtp=mid&uid=b029da70-c67b-4a7e-9bd5-517f7e302ed9&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f8fe5003920149bf97d237d78c495040&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1209353&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1209353&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32345&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAU+CVBfQcFvEv2DZI9cfqZBAbEzGMAARZBCLq1twRyg2iSP3eIYMS42sDelJJyfwjLzJeHFZ1K+G9EDFBmRoXfbKUWgcJqzYfLKyrQMp6+uC9Fh3ZjcIkGAlgHYWU4w98yeLpBakQHP8mWUHz7jHx0ST4I1Z7cDGcu725PNBeQ2ym0yme/xxaodd/crR84vzNj3zhPqBDwgx+pK3gMK+CBcbJ1Riu+RTOZyvoHoxfRagz8nFA83XyAldQIvaCUP/yoFndsM11CKZwpxU2VDJCK3/yrdj3JdZXSKV8hZOv7UdgenUMS1CJKCjZcdPktYK/f+M+HRErFCE8wiZoVcBk8EHweLrhevDy3S3+SrA/dc+ud2GclKJgDZgAACAVhvew7fWkAsAFwXW28geF70k4rjBf/DZrz9Jxf5EoLW6+ejvZJsglgx8HYqXuhPj6E8NxeILowLaZgjGB8AckBE5OJfahs64xbW7uoPUrd6pLW//b9VFQNxTWaOcCZSA5oRca7dvA44ZJPEytaVco19NuJaG9UZfmkZN8cQBM/SEa0fFGI77hFoLQiC9igeRnbdFblT43Y8ZCs+VCQXskw6k1k2EOE9ZZWPwrMOQQ9j+P3Ebm6+xJlxkbvTvr4AOhI65QssXCtFwe8m1JBdFBUWDa2ovLHcNO09snzVM754se6WouUsnDGhWWRK5xWTSEWxRzYNcnjCOYtQt0Dwq90GrtGxSOkT9JIkS+mZWfSIyiEiBFRws/OHpWVwC7wAbA+y7y6UhZvzyhztVkzFVMLMieyaGkjrCTFQi0ww/wstKDbfy4jcB7CiEmVKunszfBkzW1+hy8TpeP3NH0r++36CX9MilxXgDUjHtEjfYdP52Y1JLC5IeGRDvNDaDGomuqw0gOiG68J2oKMS4lGrtBLG9fYakyGR91Z+r1ETDvfh0F47RDh4/2xLKwjLL9SwDqNC3PKRSYQcw/YAQ==&p=Cache-Control: no-cacheMS-CV: NNZPdMUmRUqWyJhV.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:BE8AB8DF-DCD1-3523-4A95-3A04EAFF1CBA&ctry=US&time=20211014T154526Z&lc=en-US&pl=en-US&idtp=mid&uid=b029da70-c67b-4a7e-9bd5-517f7e302ed9&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=a87b8115d61c47e0bb9c94c4967ca79d&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1209353&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1209353&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32345&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAU+CVBfQcFvEv2DZI9cfqZBAbEzGMAAYNg3Sww2/AnNV6ASdmYeau3E0KsmJsMPtVlQYGUtQkk+r8s32MUaLmDAHn1035rg0bsa1ev21d+vBSj+EU4RHMcNCTEq1ZXyu03Bp5NThlsVkPeZOLxg3No8lLQkRm/pDmyeAxNo60V/y3OOieLIoYntx7ccBh5fbOF/hhYgrUJPZQ2OY4hkihkxs2JLAafKr25E/iPHhZZOSpE0R6jHqa/1YaWzyUzFqmoWishndeOygS4kGyCBvUjPvbctkWPrh3pGXR6pYz4Vq1smGmMRWSv55n20ZMzWS4LQxMGNUVRPFB8fJbAsCRAzN4Jxo7h4b8Jmd8OondSn6liwjq2LKoDZgAACPiptPszdHXSsAFhFBuNyJJt92Ui5166+BHWUFZa+VwI7VKAlgn4qsfl4B2BKyuxjTos/ijetzYCV2PQDmSPBKmo1qUYL9rJiuKNEz0uDR46qkGxFZcbXM2Gn4nFb+M9liBDSR+NNR7Nq2Yc9E6azK253HXOBp7Oh1HTIE6m8daNKthzcGbSkInqED+AvAxJu9j2w+k8n4cqQGYPACR1gRyMHpSxpTKWWMvmg+oAwXoUfBSZEDe+kBhyOy566wVpJWGgaEcAncswiQ06hoOcnWfqLCUAB2V+tmtFBTepbYeBYdfOOTBwJKmOWVjERamxho/1JNaGL9x8Jql2x1J0pj4iZm4XoWk7prOi+S1AEpLW+5OKXg7YF3D/Fb16sf76B+fYWuWNEg5qAAMT3AVjt2fHmLGNc+zZbK0uhBPPEiate/8t+dVLZR8jO0yml0Umh/04LpouwbQyg/HRqP3GKNjTsG3CG2W8gd4W2MPE2m1sOEZeEU2kn0J5mCYTBi90IKx7qYmhRm0i5g4Wcg5+AS9tA/b8tsptXfXX6qacyyk0Emp3CXDzDa6ox8slAMCHZNp6p/AzmBAycHnYAQ==&p=Cache-Control: no-cacheMS-CV: NNZPdMUmRUqWyJhV.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /client/config?cc=US&setlang=en-US HTTP/1.1X-Search-CortanaAvailableCapabilities: CortanaExperience,SpeechLanguageX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {A2AB526A-D38D-4FC9-8BA0-E34B8D6354E8}X-UserAgeClass: UnknownX-BM-Market: USX-BM-DateFormat: M/d/yyyyX-CortanaAccessAboveLock: falseX-Device-OSSKU: 48X-BM-DTZ: -420X-BM-FirstEnabledTime: 132061387448759736X-DeviceID: 0100748C09001CEAX-Search-TimeZone: Bias=480; DaylightBias=-60; TimeZoneKeyName=Pacific Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDgAkR8BAAUW3WS0TDKGu2jEbBhB%2BXls4oNzBQAAdmVI601s7YUxnKSDtCt75MkYvjR/sxxhMJRSf/1qwKjehDgmat/WImjpbgIsXWxkO%2BTixhklDMSGAbj4aRZJqRDLnViUCuusXpuhR5Mu%2BdAzJlkQ7wamedAz9aS%2BSKAQOCj/9OzRcAwzSMjo05yAkLpFv5oaZrwIvE7ye0FvUjznRvZ7dS9vHNZHbofJkvFcrAd/Ocnu1uKcFs71fhju1KSq2kV2qYIEMH8ZEuBu/uonTn7w%2BK7V4TQXNR%2BCuEs7c0mjDcISRWOe97TzHWXWTAQZ%2BrPqf%2BpSC5a%2BRC6ST0akoqBRdGyIKLsjqkzeTqrrKMZa/FogyDBUBfDKcPxt5QDZgAACNEW0rAszmM7sAHEGDKkrVOYpEEb8b2FkyEe/Dfg1WnCyQJ/IpMt4bjOB/0CI1sjsuSO4WZ6ZfbNUkcPnLk58RBfqzAwp8DjddXogQkLXFIGHC0x1AcA65kUQF%2BmomhD0N5goBYqG61GKdI9fadgp8/sbeUkn9NpSOy3PGfr5iZrGqXkL2WYOHyPpMt%2BGyeNomhoDVcVX5JJdgdIt29ccEGm/sDUJr9hsB8EADlx/cWah70C1G9wG11ezaTmgsQlvj2GeXhhyeAR0IpqSzsb4VmeT3p5BqZN3Cvh5EglRMxmjrbIlbF4mRlGYhpT7NPci9GpF%2BqFxF/iY0jJeMoRooAz%2BPsAMQo/6Tz2GSwZW2Fy6o0uPS1UyEVSfIyb/FDsBicn21bVLWADvK9DSB2zlHX94IDnsltoIkbV/i3hY4pvd9IHPmOzOgeDtazxfVjjQxOPBl1heegn41ZxIQFEU6TUxpS%2Buo8HRaokWz5Mo6TaLyQIVb592t33CRhUUM1fRxRFfaE7TZOl3zcaEdWKOTsV9ZbUt08YZd5h/DR7vSD3UgQxB55M4t9VrXg6ykRzQlxjzAFFAqipIAbYAQ%3D%3D%26p%3DX-Agent-DeviceId: 0100748C09001CEAX-BM-CBT: 1634226324User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.10.7.17134; 10.0.0.0.17134.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134X-Device-isOptin: trueAccept-language: en-US, enX-Device-Touch: falseX-Device-ClientSession: CB3D104B96D94235B2067C059317C51AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-BM-ClientFeatures: pbitcpdisabled,AmbientWidescreen,rs1musicprod,CortanaSPAXamlHeaderHost: www.bing.comConnection: Keep-AliveCookie: MUID=54AD14FB4D1E4A6C815A867991009454
Source: global traffic HTTP traffic detected: GET /616700eab73a140ba8549ca3.js HTTP/1.1Host: kifot.wancdnapp.pageConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/css/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.css HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/css/b54d64bedeab2e123782af00bf32d7banbr1634140376.css HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /axios@0.16.1/dist/axios.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vue@2.6.11/dist/vue.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vue-router@2.7.0/dist/vue-router.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/vuex/2.3.1/vuex.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lodash@4.17.4/lodash.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/332031507388606b90fee610b57841a3.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/js/a3107e4d4ae0ea783cd1177c52f1e6301634140370.js HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg HTTP/1.1Host: rikcndapplala.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
Source: global traffic HTTP traffic detected: GET /zvhtjykjhvzxvxz/themes/imgs/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: rikcndapplala.web.app
Source: global traffic HTTP traffic detected: GET /2UqudLY HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /knockout_old_GJ62c6D9R5HuKFdkoO8XYw2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /accountcorepackage_tJqkxod2akFqIDWp-BRsNA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://account.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global traffic HTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown HTTPS traffic detected: 199.36.158.100:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49849 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49850 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\ATT24207.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,2607996047392706192,9024024679786612816,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,2607996047392706192,9024024679786612816,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-616850A5-898.pma Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\b9f20c00-4fd9-4d77-9183-cb1ab113842f.tmp Jump to behavior
Source: classification engine Classification label: mal52.phis.winHTML@36/256@16/14
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\2200_1522987924\LICENSE.txt Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 502671 Sample: ATT24207.html Startdate: 14/10/2021 Architecture: WINDOWS Score: 52 20 sni1gl.wpc.alphacdn.net 2->20 22 scdn1efff.wpc.9da5e.alphacdn.net 2->22 24 2 other IPs or domains 2->24 36 Yara detected HtmlPhish44 2->36 38 Phishing site detected (based on image similarity) 2->38 7 chrome.exe 16 462 2->7         started        signatures3 process4 dnsIp5 26 192.168.2.1 unknown unknown 7->26 28 239.255.255.250 unknown Reserved 7->28 14 C:\...\pnacl_public_x86_64_pnacl_sz_nexe, ELF 7->14 dropped 16 C:\...\pnacl_public_x86_64_pnacl_llc_nexe, ELF 7->16 dropped 18 C:\Users\user\...\pnacl_public_x86_64_ld_nexe, ELF 7->18 dropped 11 chrome.exe 38 7->11         started        file6 process7 dnsIp8 30 accounts.google.com 172.217.168.45, 443, 49742 GOOGLEUS United States 11->30 32 clients.l.google.com 172.217.168.78, 443, 49740, 58386 GOOGLEUS United States 11->32 34 20 other IPs or domains 11->34
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.168.45
 accounts.google.com United States
15169 GOOGLEUS false
104.16.18.94
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
67.199.248.11
 bit.ly United States
396982 GOOGLE-PRIVATE-CLOUDUS false
216.58.215.225
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
104.21.47.62
 kifot.wancdnapp.page United States
13335 CLOUDFLARENETUS false
199.36.158.100
 rikcndapplala.web.app United States
15169 GOOGLEUS false
172.217.168.78
 clients.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
152.199.21.175
 sni1gl.wpc.alphacdn.net United States
15133 EDGECASTUS false
152.199.23.37
 cs1100.wpc.omegacdn.net United States
15133 EDGECASTUS false
104.16.126.175
 unpkg.com United States
13335 CLOUDFLARENETUS false

Private
IP
192.168.2.1
192.168.2.6
127.0.0.1

Contacted Domains

Name IP Active
kifot.wancdnapp.page 104.21.47.62 true
cs1100.wpc.omegacdn.net 152.199.23.37 true
accounts.google.com 172.217.168.45 true
rikcndapplala.web.app 199.36.158.100 true
cdnjs.cloudflare.com 104.16.18.94 true
bit.ly 67.199.248.11 true
sni1gl.wpc.alphacdn.net 152.199.21.175 true
clients.l.google.com 172.217.168.78 true
unpkg.com 104.16.126.175 true
googlehosted.l.googleusercontent.com 216.58.215.225 true
aadcdn.msftauth.net unknown unknown
aadcdn.msauth.net unknown unknown
account.live.com unknown unknown
acctcdn.msauth.net unknown unknown
clients2.googleusercontent.com unknown unknown
clients2.google.com unknown unknown
secure.aadcdn.microsoftonline-p.com unknown unknown
acctcdn.msftauth.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1 false
  • URL Reputation: safe
 unknown
https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/arrow_left.svg false
  • Avira URL Cloud: safe
 unknown
https://kifot.wancdnapp.page/616700eab73a140ba8549ca3.js false
  • Avira URL Cloud: safe
 unknown
https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/332031507388606b90fee610b57841a3.js false
  • Avira URL Cloud: safe
 unknown
https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/imgs/microsoft_logo.svg false
  • Avira URL Cloud: safe
 unknown
https://acctcdn.msauth.net/bootstrapshim_IX6xrWCoGcREOsbbsQ1Yvg2.js?v=1 false
  • Avira URL Cloud: safe
 unknown
https://unpkg.com/vue@2.6.11/dist/vue.min.js false
    		high
    https://acctcdn.msauth.net/jqueryshim_tGLkJ9mWEbN2n0ToVG2gvQ2.js?v=1 false
    • Avira URL Cloud: safe
    		 unknown
    https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg false
    • Avira URL Cloud: safe
    		 unknown
    https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js false
    • URL Reputation: safe
    		 unknown
    https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js false
      		high
      https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg false
      • URL Reputation: safe
      		 unknown
      https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
        		high
        https://rikcndapplala.web.app/zvhtjykjhvzxvxz/themes/afa6a734c2a7acf6d83fe55994ffbde1nbr1634140376.js false
        • Avira URL Cloud: safe
        		 unknown
        https://acctcdn.msauth.net/resetpasswordpackage_L8Ee0uN0GOAyvurXVgtE8g2.js?v=1 false
        • Avira URL Cloud: safe
        		 unknown
        https://acctcdn.msauth.net/bootstrapcomponentshim_yGKy8jAx8RL2bLqmBF063w2.js?v=1 false
        • Avira URL Cloud: safe
        		 unknown
        https://unpkg.com/vue-router@2.7.0/dist/vue-router.min.js false
          		high
          https://acctcdn.msauth.net/wlivepackagefull_2169QIWB52Tqqm3jo5_AUA2.js?v=1 false
          • Avira URL Cloud: safe
          		 unknown
          https://unpkg.com/axios@0.16.1/dist/axios.min.js false
            		high
            https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js false
              		high
              https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js false
                		high
                https://acctcdn.msauth.net/converged_ux_v2_kGcCYmU0rW3A6Zc7U1O8nw2.css?v=1 false
                • Avira URL Cloud: safe
                		 unknown
                https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
                  		high
                  https://bit.ly/2UqudLY false
                    		high
                    https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js false
                      		high
                      https://unpkg.com/lodash@4.17.4/lodash.min.js false
                        		high