Edit tour

Windows Analysis Report
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821

Overview

General Information

Sample URL:	https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821
Analysis ID:	562519
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Suspicious form URL found

No HTML title found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6516 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,9302057933297055962,10316816090944240565,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.facebook.com/login.php?skip_api_login=1&api_key=966242223397117&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.quiz-bliss.com%252Fkittycantrell%252Fharry-potter-20-year-anniversary-trivia-quiz-112821&cancel_url=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fclose_window%2F%3Fapp_id%3D966242223397117%26connect%3D0%23_%3D_&display=popup&locale=en_US

HTTP Parser: Form action: /login/device-based/regular/login/?login_attempt=1&next=https%3A%2F%2Fwww.facebook.com%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.quiz-bliss.com%252Fkittycantrell%252Fharry-potter-20-year-anniversary-trivia-quiz-112821&popup=1&lwv=100

HTTP Parser: HTML title missing

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.6:443 -> 192.168.2.3:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.6:443 -> 192.168.2.3:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:50415 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: www.quiz-bliss.com

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50503
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50505
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50508
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50500
Source: unknown	Network traffic detected: HTTP traffic on port 50486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50509
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50513
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50512
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50517
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50519
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50518
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50510
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50526
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50525
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50527
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50529
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50520
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50522
Source: unknown	Network traffic detected: HTTP traffic on port 50612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50521
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50556 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50568 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50578
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50571
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50570
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50575
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50577
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50576
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50580
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50589
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown	Network traffic detected: HTTP traffic on port 50505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50584
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50585
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown	Network traffic detected: HTTP traffic on port 50609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown	Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50362
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50539
Source: unknown	Network traffic detected: HTTP traffic on port 50571 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50531
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50530
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50532
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50547
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50549
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50540
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50543
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50557
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50556
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50559
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50558
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50551
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50550
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50553
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50555
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50554
Source: unknown	Network traffic detected: HTTP traffic on port 50630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 50503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50568
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50567
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50569
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50560
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50562
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50561
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50564
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50563
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50566
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50323
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 50617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50297
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50481 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50493
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50499
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443

Source: angular.js.0.dr	String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.0.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json.0.dr, manifest.json2.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients6.google.com
Source: manifest.json2.0.dr	String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 8d454001-03cc-42a8-ba1a-a4134cd05d7b.tmp.2.dr, 587ad5c5-835b-4e10-8cd7-57d6afe643ce.tmp.2.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr	String found in binary or memory: https://docs.google.com
Source: manifest.json2.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json2.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json2.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr, angular.js.0.dr	String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json2.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: mirroring_common.js.0.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json87.0.dr, messages.json57.0.dr, messages.json76.0.dr, messages.json.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json87.0.dr, messages.json57.0.dr, messages.json76.0.dr, messages.json.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json2.0.dr	String found in binary or memory: https://www.google.com;
Source: craw_window.js.0.dr, craw_background.js.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json2.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json2.0.dr	String found in binary or memory: https://www.gstatic.com;
Source: History Provider Cache.0.dr	String found in binary or memory: https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-1128212YCelebr

Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.98.97.49:443 -> 192.168.2.3:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.6:443 -> 192.168.2.3:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.6:443 -> 192.168.2.3:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:50415 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5330c1eb-1ebf-48d1-8634-2d3cc72d12b0.tmp

Jump to behavior

Source: classification engine

Classification label: clean1.win@46/203@48/25

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,9302057933297055962,10316816090944240565,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,9302057933297055962,10316816090944240565,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F4F4AC-1974.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://www.quiz-bliss.com/	0%	Virustotal		Browse
https://dns.google	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-1128212YCelebr	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
gstaticadssl.l.google.com	216.58.215.227	true	false	high
um.wbtrk.net	127.0.0.2	true	false	unknown
s.tribalfusion.com	104.18.13.5	true	false	high
tr.blismedia.com	34.96.105.8	true	false	unknown
media-gcp.women.com	35.186.224.64	true	false	high
www.googletagservices.com	172.217.168.2	true	false	high
www.quiz-bliss.com	130.211.6.0	true	false	unknown
adservice.google.com	142.250.203.98	true	false	high
scontent.xx.fbcdn.net	157.240.17.15	true	false	high
cm.g.doubleclick.net	172.217.168.34	true	false	high
tg.dr.socdm.com	202.241.208.100	true	false	high
www.google.com	142.250.203.100	true	false	high
eu2-ice.360yield.com	18.197.199.94	true	false	high
e-volution.rtb-as-useast.ak-is2.net	174.137.133.49	true	false	unknown
star-mini.c10r.facebook.com	157.240.17.35	true	false	high
pagead46.l.doubleclick.net	142.250.203.98	true	false	high
pagead-googlehosted.l.google.com	172.217.168.65	true	false	high
accounts.google.com	142.250.203.109	true	false	high
www-google-analytics.l.google.com	142.250.203.110	true	false	high
googleads4.g.doubleclick.net	172.217.168.66	true	false	high
img.women.com	34.98.97.49	true	false	high
nl3ads5.simpli.fi	169.50.137.182	true	false	high
cs.media.net	184.87.212.24	true	false	high
partnerad.l.doubleclick.net	172.217.168.66	true	false	high
s0-2mdn-net.l.google.com	172.217.168.6	true	false	high
googleads.g.doubleclick.net	172.217.168.2	true	false	high
cs.emxdgt.com	18.195.155.181	true	false	unknown
s.ad.smaato.net	143.204.215.20	true	false	high
a.tribalfusion.com	104.18.12.5	true	false	high
sb.scorecardresearch.com	143.204.215.108	true	false	unknown
clients.l.google.com	142.250.203.110	true	false	high
ib.anycast.adnxs.com	185.33.221.13	true	false	high
googlehosted.l.googleusercontent.com	172.217.168.33	true	false	high
securepubads.g.doubleclick.net	unknown	unknown	false	high
um.simpli.fi	unknown	unknown	false	high
htlb.casalemedia.com	unknown	unknown	false	high
a.rfihub.com	unknown	unknown	false	high
fastlane.rubiconproject.com	unknown	unknown	false	high
adservice.google.co.uk	unknown	unknown	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
rtb2-useast.e-volution.ai	unknown	unknown	false	unknown
www.facebook.com	unknown	unknown	false	high
cdn-heroku.women.com	unknown	unknown	false	high
connect.facebook.net	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
static.xx.fbcdn.net	unknown	unknown	false	high
tg.socdm.com	unknown	unknown	false	high
dsum-sec.casalemedia.com	unknown	unknown	false	high
s.pinimg.com	unknown	unknown	false	high
ib.adnxs.com	unknown	unknown	false	high
match.360yield.com	unknown	unknown	false	high
s0.2mdn.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://s0.2mdn.net/sadbundle/11288944710048972181/300x250-en/index.html	false		high
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKi2gLICELWvmbICGJK0-78BMAE&v=APEucNU7Y7rRXHnNhkvcuUveQ6PCY04sEqUwGAnKQEIBoX3YcRtRU26fnK4nY9LHWgxgw9_EM4r5pUwMRrzveMSPRUUdUPew8g	false		high
https://www.quiz-bliss.com/quizzes/harry%20potter	false		unknown
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKi2gLICELWvmbICGJK0-78BMAE&v=APEucNXD8VqIQag_88xrraiQBA3nM2WEC1ntwSS7HNbeN3Gtrz4q3swc61hzCRlP1vavH9n0GSNr1BGaaZUfuvqyyDUFEfi08w	false		high
https://www.quiz-bliss.com/kittycantrell/greys-anatomy-jackson-april-relaitonship-japril-trivia-quiz-121921	false		unknown
https://www.quiz-bliss.com/	false	0%, Virustotal, Browse	unknown
https://www.quiz-bliss.com/quizzes/movies	false		unknown
https://www.quiz-bliss.com/quizzes/knowledge?sort=recenthttps://www.quiz-bliss.com/quizzes/geography?sort=recent	false		unknown
https://www.quiz-bliss.com/kittycantrell	false		unknown
https://www.google.com/recaptcha/api2/aframe	false		high
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821	false		unknown
https://www.quiz-bliss.com/quizzes	false		unknown
https://www.quiz-bliss.com/quizzes/entertainment?sort=recent	false		unknown
https://www.quiz-bliss.com/quizzes/trivia?sort=recent	false		unknown
https://www.quiz-bliss.com/quizzes/personality?sort=recent	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://apis.google.com/js/client.js	mirroring_common.js.0.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.0.dr	false		high
https://play.google.com	d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://crash.corp.google.com/samples?reportid=&q=	mirroring_cast_streaming.js.0.dr, common.js.0.dr	false		high
https://www.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.0.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01	mirroring_hangouts.js.0.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.0.dr	false		high
https://preprod-hangouts-googleapis.sandbox.google.com	mirroring_hangouts.js.0.dr	false		high
https://www.google.com	manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://hangouts.clients6.google.com	mirroring_hangouts.js.0.dr	false		high
https://meet.google.com	mirroring_common.js.0.dr	false		high
https://hangouts.google.com/hangouts/_/logpref	mirroring_hangouts.js.0.dr	false		high
https://accounts.google.com	manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://clients2.google.com/cr/report	mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr	false		high
http://angularjs.org	angular.js.0.dr	false		high
https://creativecommons.org/publicdomain/zero/1.0/.	mirroring_hangouts.js.0.dr	false		high
https://github.com/angular/material	material_css_min.css.0.dr, angular.js.0.dr	false		high
https://apis.google.com	manifest.json2.0.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.0.dr	false		high
https://github.com/madler/zlib/blob/master/zlib.h	mirroring_hangouts.js.0.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://clients2.google.com	d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://www.google.com/tools/feedback	feedback_script.js.0.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	mirroring_hangouts.js.0.dr	false		high
https://dns.google	8d454001-03cc-42a8-ba1a-a4134cd05d7b.tmp.2.dr, 587ad5c5-835b-4e10-8cd7-57d6afe643ce.tmp.2.dr, d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.0.dr	false		high
https://ogs.google.com	d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json87.0.dr, messages.json57.0.dr, messages.json76.0.dr, messages.json.0.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions	mirroring_hangouts.js.0.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://www.google.com;	manifest.json2.0.dr	false	Avira URL Cloud: safe	low
https://hangouts.google.com/	manifest.json2.0.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.0.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.0.dr	false		high
https://meetings.clients6.google.com	mirroring_hangouts.js.0.dr	false		high
https://play.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.0.dr	false		high
http://tools.ietf.org/html/rfc1950	mirroring_hangouts.js.0.dr	false		high
https://support.google.com/chromecast/answer/2998456	messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, messages.json49.0.dr, feedback.html.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json33.0.dr, messages.json0.0.dr, messages.json48.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json87.0.dr, messages.json57.0.dr, messages.json76.0.dr, messages.json.0.dr	false		high
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-1128212YCelebr	History Provider Cache.0.dr	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com	d389d252-a51e-410a-befb-c0892fd8eb6f.tmp.2.dr	false		high
https://docs.google.com	mirroring_common.js.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://feedback.googleusercontent.com	manifest.json2.0.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json.0.dr, manifest.json2.0.dr	false		high
https://clients6.google.com	mirroring_hangouts.js.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
169.50.137.182	nl3ads5.simpli.fi	United States	36351	SOFTLAYERUS	false
157.240.17.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
185.33.221.13	ib.anycast.adnxs.com	Netherlands	29990	ASN-APPNEXUS	false
157.240.17.15	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
18.197.199.94	eu2-ice.360yield.com	United States	16509	AMAZON-02US	false
172.217.168.65	pagead-googlehosted.l.google.com	United States	15169	GOOGLEUS	false
172.217.168.6	s0-2mdn-net.l.google.com	United States	15169	GOOGLEUS	false
34.96.105.8	tr.blismedia.com	United States	15169	GOOGLEUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false
143.204.215.108	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
174.137.133.49	e-volution.rtb-as-useast.ak-is2.net	United States	27257	WEBAIR-INTERNETUS	false
184.87.212.24	cs.media.net	United States	8529	OMANTEL-ASSultanateofOmanOM	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
202.241.208.100	tg.dr.socdm.com	Japan	4694	IDCFIDCFrontierIncJP	false
18.195.155.181	cs.emxdgt.com	United States	16509	AMAZON-02US	false
172.217.168.2	www.googletagservices.com	United States	15169	GOOGLEUS	false
34.98.97.49	img.women.com	United States	15169	GOOGLEUS	false
130.211.6.0	www.quiz-bliss.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.12.5	a.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false
143.204.215.20	s.ad.smaato.net	United States	16509	AMAZON-02US	false
104.18.13.5	s.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1
127.0.0.2
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	562519
Start date:	29.01.2022
Start time:	00:02:02
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 24s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@46/203@48/25
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://www.quiz-bliss.com/ Browse: https://www.quiz-bliss.com/quizzes?sort=recent Browse: https://www.quiz-bliss.com/quizzes/knowledge?sort=recent Browse: https://www.quiz-bliss.com/quizzes/geography?sort=recent Browse: https://www.quiz-bliss.com/quizzes/personality?sort=recent Browse: https://www.quiz-bliss.com/quizzes/entertainment?sort=recent Browse: https://www.quiz-bliss.com/quizzes/trivia?sort=recent Browse: https://www.quiz-bliss.com/kittycantrell Browse: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.quiz-bliss.com%2Fkittycantrell%2Fharry-potter-20-year-anniversary-trivia-quiz-112821 Browse: https://www.quiz-bliss.com/quizzes/movies Browse: https://www.quiz-bliss.com/quizzes/harry%20potter Browse: https://www.quiz-bliss.com/quizzes

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 2.20.156.69, 142.250.203.110, 173.194.182.73, 34.104.35.123, 172.217.168.10, 2.20.156.249, 172.217.168.33, 142.250.203.99, 104.83.145.243, 213.19.162.21, 213.19.162.41, 213.19.162.61, 213.19.162.51, 213.19.162.31, 172.217.168.66, 142.250.203.98, 2.20.157.55, 13.107.42.14, 193.0.160.128, 172.217.168.34, 142.250.203.106, 172.217.168.74, 216.58.215.234, 172.217.168.42
Excluded domains from analysis (whitelisted): e6449.dsca.akamaiedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, r4.sn-4g5e6ns7.gvt1.com, htlb.casalemedia.com.edgekey.net, arc.msn.com, tagged-by.rubiconproject.net.akadns.net, 2-01-37d2-0006.cdx.cedexis.net, l-0005.l-msedge.net, e8037.g.akamaiedge.net, ade.googlesyndication.com, redirector.gvt1.com, a.rfihub.com.akadns.net, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, r4---sn-4g5e6ns7.gvt1.com, www.google-analytics.com, www-linkedin-com.l-0005.l-msedge.net, fonts.googleapis.com, fs.microsoft.com, content-autofill.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a-emea.rfihub.com.akadns.net, pagead2.googlesyndication.com, www.googleapis.com, e8037.i.akamaiedge.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, s.pinimg.com.edgeke
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 29, 2022 00:02:55.647094011 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.647149086 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.647231102 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.647593021 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.647619963 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.653712034 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.653742075 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.653837919 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.654738903 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.654752970 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.656780005 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.656821966 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.656908035 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.657118082 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.657134056 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.702502966 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.702941895 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.703001976 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.704183102 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.704286098 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.709820032 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.710475922 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.710501909 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.711636066 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.711711884 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.716365099 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.716711044 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.716733932 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.720391035 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.720482111 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.897552013 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.897957087 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.898298025 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.898622036 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.899420023 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.899714947 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.901040077 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.901077032 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.901359081 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.901402950 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.939935923 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.939954996 CET	443	49746	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:55.942712069 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:55.942981005 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.955770969 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.955938101 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.956023932 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.966243029 CET	49747	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:02:55.966300011 CET	443	49747	142.250.203.109	192.168.2.3
Jan 29, 2022 00:02:55.980940104 CET	49746	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.051341057 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.051477909 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.051532984 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.051548958 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.051582098 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.051626921 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.051644087 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.053236961 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.053317070 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.053333044 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.053982973 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.054056883 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.054070950 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.054383993 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.054452896 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.054465055 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.054990053 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.055068970 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.055079937 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.069467068 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.069569111 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.069602013 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.069788933 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.069860935 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.069876909 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.070940971 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.071016073 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.071033001 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.071053028 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.071113110 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.072035074 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.073203087 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.073273897 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.073297024 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.073318005 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.073374033 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.074307919 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.075448036 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.075516939 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.075525045 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.075539112 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.075587034 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.076626062 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.076733112 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.076792955 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.076806068 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.078939915 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.079010963 CET	49745	443	192.168.2.3	130.211.6.0
Jan 29, 2022 00:02:56.079025984 CET	443	49745	130.211.6.0	192.168.2.3
Jan 29, 2022 00:02:56.079169989 CET	443	49745	130.211.6.0	192.168.2.3

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 29, 2022 00:02:55.614727974 CET	192.168.2.3	8.8.8.8	0xc189	Standard query (0)	www.quiz-bliss.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:55.627072096 CET	192.168.2.3	8.8.8.8	0xed69	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:55.629982948 CET	192.168.2.3	8.8.8.8	0x737a	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.456367016 CET	192.168.2.3	8.8.8.8	0xf6d9	Standard query (0)	cdn-heroku.women.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.456648111 CET	192.168.2.3	8.8.8.8	0x3488	Standard query (0)	connect.facebook.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.458707094 CET	192.168.2.3	8.8.8.8	0x59a2	Standard query (0)	img.women.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.500324011 CET	192.168.2.3	8.8.8.8	0x9936	Standard query (0)	s.pinimg.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.502662897 CET	192.168.2.3	8.8.8.8	0xf75	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.538490057 CET	192.168.2.3	8.8.8.8	0x9e01	Standard query (0)	www.googletagservices.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.983953953 CET	192.168.2.3	8.8.8.8	0xb141	Standard query (0)	securepubads.g.doubleclick.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.267071009 CET	192.168.2.3	8.8.8.8	0x3432	Standard query (0)	ib.adnxs.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.270795107 CET	192.168.2.3	8.8.8.8	0x72a4	Standard query (0)	htlb.casalemedia.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.274928093 CET	192.168.2.3	8.8.8.8	0x8b27	Standard query (0)	fastlane.rubiconproject.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.606372118 CET	192.168.2.3	8.8.8.8	0x18d4	Standard query (0)	adservice.google.co.uk	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.608227015 CET	192.168.2.3	8.8.8.8	0xe49c	Standard query (0)	adservice.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:58.023237944 CET	192.168.2.3	8.8.8.8	0x7aeb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:58.566647053 CET	192.168.2.3	8.8.8.8	0x49c6	Standard query (0)	img.women.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:04.911273003 CET	192.168.2.3	8.8.8.8	0x26ca	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:15.843106031 CET	192.168.2.3	8.8.8.8	0x7e2b	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:16.613723040 CET	192.168.2.3	8.8.8.8	0xc94b	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:16.614518881 CET	192.168.2.3	8.8.8.8	0xb3f3	Standard query (0)	cm.g.doubleclick.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:16.638485909 CET	192.168.2.3	8.8.8.8	0xce5e	Standard query (0)	s0.2mdn.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.022391081 CET	192.168.2.3	8.8.8.8	0xc585	Standard query (0)	googleads4.g.doubleclick.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.181843042 CET	192.168.2.3	8.8.8.8	0x63f8	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.182907104 CET	192.168.2.3	8.8.8.8	0x95f0	Standard query (0)	tr.blismedia.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.183476925 CET	192.168.2.3	8.8.8.8	0xbfc7	Standard query (0)	um.wbtrk.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.184542894 CET	192.168.2.3	8.8.8.8	0x8e8c	Standard query (0)	s.ad.smaato.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.185125113 CET	192.168.2.3	8.8.8.8	0x1e66	Standard query (0)	cs.media.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.186575890 CET	192.168.2.3	8.8.8.8	0xb095	Standard query (0)	rtb2-useast.e-volution.ai	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.256988049 CET	192.168.2.3	8.8.8.8	0xe864	Standard query (0)	cs.emxdgt.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.259310961 CET	192.168.2.3	8.8.8.8	0x14fb	Standard query (0)	a.tribalfusion.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.259547949 CET	192.168.2.3	8.8.8.8	0x8b72	Standard query (0)	um.simpli.fi	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.263844013 CET	192.168.2.3	8.8.8.8	0x1a92	Standard query (0)	match.360yield.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.266027927 CET	192.168.2.3	8.8.8.8	0x3a2d	Standard query (0)	um.wbtrk.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.267714977 CET	192.168.2.3	8.8.8.8	0x3ebb	Standard query (0)	tg.socdm.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.308453083 CET	192.168.2.3	8.8.8.8	0x1577	Standard query (0)	a.rfihub.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.597229958 CET	192.168.2.3	8.8.8.8	0x4e1f	Standard query (0)	s.tribalfusion.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:22.272322893 CET	192.168.2.3	8.8.8.8	0x47f7	Standard query (0)	s0.2mdn.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.143995047 CET	192.168.2.3	8.8.8.8	0x2647	Standard query (0)	cm.g.doubleclick.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.157195091 CET	192.168.2.3	8.8.8.8	0xfc76	Standard query (0)	dsum-sec.casalemedia.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.182234049 CET	192.168.2.3	8.8.8.8	0x614f	Standard query (0)	ib.adnxs.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:46.307507038 CET	192.168.2.3	8.8.8.8	0x42e8	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:47.622658968 CET	192.168.2.3	8.8.8.8	0x760c	Standard query (0)	static.xx.fbcdn.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:50.168093920 CET	192.168.2.3	8.8.8.8	0x394	Standard query (0)	static.xx.fbcdn.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:57.041271925 CET	192.168.2.3	8.8.8.8	0xbf21	Standard query (0)	www.quiz-bliss.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:58.214770079 CET	192.168.2.3	8.8.8.8	0x7162	Standard query (0)	connect.facebook.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:58.361192942 CET	192.168.2.3	8.8.8.8	0xdc35	Standard query (0)	img.women.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:58.983309031 CET	192.168.2.3	8.8.8.8	0x2008	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 29, 2022 00:02:55.633460045 CET	8.8.8.8	192.168.2.3	0xc189	No error (0)	www.quiz-bliss.com		130.211.6.0	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:55.654922962 CET	8.8.8.8	192.168.2.3	0x737a	No error (0)	accounts.google.com		142.250.203.109	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:55.666261911 CET	8.8.8.8	192.168.2.3	0xed69	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:55.666261911 CET	8.8.8.8	192.168.2.3	0xed69	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.240607023 CET	8.8.8.8	192.168.2.3	0xfda0	No error (0)	www-google-analytics.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.475208044 CET	8.8.8.8	192.168.2.3	0x3488	No error (0)	connect.facebook.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:56.475208044 CET	8.8.8.8	192.168.2.3	0x3488	No error (0)	scontent.xx.fbcdn.net		157.240.17.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.483963966 CET	8.8.8.8	192.168.2.3	0x59a2	No error (0)	img.women.com		34.98.97.49	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.486432076 CET	8.8.8.8	192.168.2.3	0xf6d9	No error (0)	cdn-heroku.women.com	media-gcp.women.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:56.486432076 CET	8.8.8.8	192.168.2.3	0xf6d9	No error (0)	media-gcp.women.com		35.186.224.64	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.497474909 CET	8.8.8.8	192.168.2.3	0x861d	No error (0)	gstaticadssl.l.google.com		216.58.215.227	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.525590897 CET	8.8.8.8	192.168.2.3	0xf75	No error (0)	sb.scorecardresearch.com		143.204.215.108	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.525590897 CET	8.8.8.8	192.168.2.3	0xf75	No error (0)	sb.scorecardresearch.com		143.204.215.23	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.525590897 CET	8.8.8.8	192.168.2.3	0xf75	No error (0)	sb.scorecardresearch.com		143.204.215.7	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.525590897 CET	8.8.8.8	192.168.2.3	0xf75	No error (0)	sb.scorecardresearch.com		143.204.215.58	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:56.528831959 CET	8.8.8.8	192.168.2.3	0x9936	No error (0)	s.pinimg.com	s-pinimg-com.gslb.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:56.528831959 CET	8.8.8.8	192.168.2.3	0x9936	No error (0)	s-pinimg-com.gslb.pinterest.com	2-01-37d2-0006.cdx.cedexis.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:56.566591024 CET	8.8.8.8	192.168.2.3	0x9e01	No error (0)	www.googletagservices.com		172.217.168.2	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.024847031 CET	8.8.8.8	192.168.2.3	0xb141	No error (0)	securepubads.g.doubleclick.net	partnerad.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.024847031 CET	8.8.8.8	192.168.2.3	0xb141	No error (0)	partnerad.l.doubleclick.net		172.217.168.66	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.adnxs.com	g.geogslb.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	g.geogslb.com	ib.anycast.adnxs.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.13	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.220.242	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.220.240	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.14	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.223.38	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.52	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.90	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.220.145	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.89	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.221.91	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.285326004 CET	8.8.8.8	192.168.2.3	0x3432	No error (0)	ib.anycast.adnxs.com		185.33.220.216	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.288527966 CET	8.8.8.8	192.168.2.3	0x72a4	No error (0)	htlb.casalemedia.com	htlb.casalemedia.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.294650078 CET	8.8.8.8	192.168.2.3	0x8b27	No error (0)	fastlane.rubiconproject.com	tagged-by.rubiconproject.net.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.631336927 CET	8.8.8.8	192.168.2.3	0x18d4	No error (0)	adservice.google.co.uk	pagead46.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:02:57.631336927 CET	8.8.8.8	192.168.2.3	0x18d4	No error (0)	pagead46.l.doubleclick.net		142.250.203.98	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.633369923 CET	8.8.8.8	192.168.2.3	0xe49c	No error (0)	adservice.google.com		142.250.203.98	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:57.697981119 CET	8.8.8.8	192.168.2.3	0xf9d1	No error (0)	pagead-googlehosted.l.google.com		172.217.168.65	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:58.042224884 CET	8.8.8.8	192.168.2.3	0x7aeb	No error (0)	www.google.com		142.250.203.100	A (IP address)	IN (0x0001)
Jan 29, 2022 00:02:58.594784975 CET	8.8.8.8	192.168.2.3	0x49c6	No error (0)	img.women.com		34.98.97.49	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:04.952872038 CET	8.8.8.8	192.168.2.3	0x26ca	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:04.952872038 CET	8.8.8.8	192.168.2.3	0x26ca	No error (0)	googlehosted.l.googleusercontent.com		172.217.168.33	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:15.861963034 CET	8.8.8.8	192.168.2.3	0x7e2b	No error (0)	googleads.g.doubleclick.net		172.217.168.2	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:15.886842966 CET	8.8.8.8	192.168.2.3	0x2298	No error (0)	pagead-googlehosted.l.google.com		172.217.168.65	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:16.634085894 CET	8.8.8.8	192.168.2.3	0xc94b	No error (0)	dsum-sec.casalemedia.com	dsum-sec.casalemedia.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:16.641491890 CET	8.8.8.8	192.168.2.3	0xb3f3	No error (0)	cm.g.doubleclick.net		172.217.168.34	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:16.665091038 CET	8.8.8.8	192.168.2.3	0xce5e	No error (0)	s0.2mdn.net	s0-2mdn-net.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:16.665091038 CET	8.8.8.8	192.168.2.3	0xce5e	No error (0)	s0-2mdn-net.l.google.com		172.217.168.6	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.048772097 CET	8.8.8.8	192.168.2.3	0xc585	No error (0)	googleads4.g.doubleclick.net		172.217.168.66	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.197993040 CET	8.8.8.8	192.168.2.3	0x63f8	No error (0)	px.ads.linkedin.com	www.linkedin.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.197993040 CET	8.8.8.8	192.168.2.3	0x63f8	No error (0)	www.linkedin.com	www-linkedin-com.l-0005.l-msedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.199424028 CET	8.8.8.8	192.168.2.3	0x95f0	No error (0)	tr.blismedia.com		34.96.105.8	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.201896906 CET	8.8.8.8	192.168.2.3	0xbfc7	No error (0)	um.wbtrk.net		127.0.0.2	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.202686071 CET	8.8.8.8	192.168.2.3	0x1e66	No error (0)	cs.media.net		184.87.212.24	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.205073118 CET	8.8.8.8	192.168.2.3	0xb095	No error (0)	rtb2-useast.e-volution.ai	e-volution.rtb-as-useast.ak-is2.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.205073118 CET	8.8.8.8	192.168.2.3	0xb095	No error (0)	e-volution.rtb-as-useast.ak-is2.net		174.137.133.49	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.206088066 CET	8.8.8.8	192.168.2.3	0x8e8c	No error (0)	s.ad.smaato.net		143.204.215.20	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.206088066 CET	8.8.8.8	192.168.2.3	0x8e8c	No error (0)	s.ad.smaato.net		143.204.215.106	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.206088066 CET	8.8.8.8	192.168.2.3	0x8e8c	No error (0)	s.ad.smaato.net		143.204.215.61	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.206088066 CET	8.8.8.8	192.168.2.3	0x8e8c	No error (0)	s.ad.smaato.net		143.204.215.85	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.275660992 CET	8.8.8.8	192.168.2.3	0xe864	No error (0)	cs.emxdgt.com		18.195.155.181	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.275758028 CET	8.8.8.8	192.168.2.3	0x8b72	No error (0)	um.simpli.fi	nl3ads5.simpli.fi		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.275758028 CET	8.8.8.8	192.168.2.3	0x8b72	No error (0)	nl3ads5.simpli.fi		169.50.137.182	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.281585932 CET	8.8.8.8	192.168.2.3	0x14fb	No error (0)	a.tribalfusion.com		104.18.12.5	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.281585932 CET	8.8.8.8	192.168.2.3	0x14fb	No error (0)	a.tribalfusion.com		104.18.13.5	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.282377958 CET	8.8.8.8	192.168.2.3	0x3a2d	No error (0)	um.wbtrk.net		127.0.0.2	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.socdm.com	tg.dr.socdm.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.100	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.45	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.53	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.46	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.49	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.56	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.50	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.43	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.42	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.54	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.55	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.51	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.52	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.44	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.48	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.52	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		124.146.215.47	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.285902023 CET	8.8.8.8	192.168.2.3	0x3ebb	No error (0)	tg.dr.socdm.com		202.241.208.57	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	match.360yield.com	ice.360yield.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	ice.360yield.com	eu2-ice.360yield.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		18.197.199.94	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		52.29.17.185	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		52.28.181.192	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		18.192.251.227	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		52.57.206.212	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		52.57.83.77	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		3.67.130.206	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.291023016 CET	8.8.8.8	192.168.2.3	0x1a92	No error (0)	eu2-ice.360yield.com		52.28.100.19	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.327258110 CET	8.8.8.8	192.168.2.3	0x1577	No error (0)	a.rfihub.com	a.rfihub.com.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:17.616915941 CET	8.8.8.8	192.168.2.3	0x4e1f	No error (0)	s.tribalfusion.com		104.18.13.5	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:17.616915941 CET	8.8.8.8	192.168.2.3	0x4e1f	No error (0)	s.tribalfusion.com		104.18.12.5	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:22.297844887 CET	8.8.8.8	192.168.2.3	0x47f7	No error (0)	s0.2mdn.net	s0-2mdn-net.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:22.297844887 CET	8.8.8.8	192.168.2.3	0x47f7	No error (0)	s0-2mdn-net.l.google.com		172.217.168.6	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.170547009 CET	8.8.8.8	192.168.2.3	0x2647	No error (0)	cm.g.doubleclick.net		172.217.168.34	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.175601959 CET	8.8.8.8	192.168.2.3	0xfc76	No error (0)	dsum-sec.casalemedia.com	dsum-sec.casalemedia.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.adnxs.com	g.geogslb.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	g.geogslb.com	ib.anycast.adnxs.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.243	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.221.14	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.145	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.221.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.242	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.216	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.240	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.221.87	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.223.38	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.244	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.221.13	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:24.201172113 CET	8.8.8.8	192.168.2.3	0x614f	No error (0)	ib.anycast.adnxs.com		185.33.220.241	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:46.328704119 CET	8.8.8.8	192.168.2.3	0x42e8	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:46.328704119 CET	8.8.8.8	192.168.2.3	0x42e8	No error (0)	star-mini.c10r.facebook.com		157.240.17.35	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:47.643532991 CET	8.8.8.8	192.168.2.3	0x760c	No error (0)	static.xx.fbcdn.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:47.643532991 CET	8.8.8.8	192.168.2.3	0x760c	No error (0)	scontent.xx.fbcdn.net		157.240.17.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:50.187237978 CET	8.8.8.8	192.168.2.3	0x394	No error (0)	static.xx.fbcdn.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:50.187237978 CET	8.8.8.8	192.168.2.3	0x394	No error (0)	scontent.xx.fbcdn.net		157.240.17.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:57.104393005 CET	8.8.8.8	192.168.2.3	0xbf21	No error (0)	www.quiz-bliss.com		130.211.6.0	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:58.261276960 CET	8.8.8.8	192.168.2.3	0x7162	No error (0)	connect.facebook.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 29, 2022 00:03:58.261276960 CET	8.8.8.8	192.168.2.3	0x7162	No error (0)	scontent.xx.fbcdn.net		157.240.17.15	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:58.379762888 CET	8.8.8.8	192.168.2.3	0xdc35	No error (0)	img.women.com		34.98.97.49	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:59.034403086 CET	8.8.8.8	192.168.2.3	0x2008	No error (0)	sb.scorecardresearch.com		143.204.215.7	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:59.034403086 CET	8.8.8.8	192.168.2.3	0x2008	No error (0)	sb.scorecardresearch.com		143.204.215.108	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:59.034403086 CET	8.8.8.8	192.168.2.3	0x2008	No error (0)	sb.scorecardresearch.com		143.204.215.58	A (IP address)	IN (0x0001)
Jan 29, 2022 00:03:59.034403086 CET	8.8.8.8	192.168.2.3	0x2008	No error (0)	sb.scorecardresearch.com		143.204.215.23	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	00:02:51
Start date:	29/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	00:02:52
Start date:	29/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,9302057933297055962,10316816090944240565,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	96680
Entropy (8bit):	3.7451830208493018
Encrypted:	false
SSDEEP:	384:GjO5lbcukoEbjVYeFgNNr+vRb36dbKHLGGuRr8/pfqxivnfWrEJmUX87VxFOO7LZ:A6K1NqKqWEevorDLs/r+DKBfVRG
MD5:	6AADEEC9ACB7BF2E5A914EF9851E3C4C
SHA1:	004F73547DB16F9322A11E953FC1C06034FEEF42
SHA-256:	861A013FA591C0030FF27E00BC38E340BC08FEF7A4A2CF6249C20FBD3D813E8F
SHA-512:	D94076BBF1963A4EB15A23350EA08D664E09F097EAB7FBE7D6F2179EADB4FF82989ECC446EC05F4BCDEBBA26A7688F9F6A469404B8EEE0C84BDF5FE29CCA7AB0
Malicious:	false
Reputation:	low
Preview:	.y.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...PR8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\0d89be2c-c67f-4ac3-af1f-e4fdb6b59dbb.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\1a562cb5-0812-4f19-9097-f6d520d52b4d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\307dde0a-2e97-4879-a241-be417a7b78ec.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\423be078-73c9-4de3-aff9-b40c512c2b7f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\7d231985-b690-48d5-a60b-d1352d300427.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\94a0eef0-8ae2-46b6-bf60-7ee9c026ed7d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\94fa266f-7893-4111-92ad-11bfc0ecc68d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\9525774e-c1d6-4de6-8976-9c350704412c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\954a132f-0918-417e-9cea-b3b83028ec01.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\05428b73-4cb8-4796-b9e1-2cd593eab456.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\13fd322a-ac75-438f-8fc2-71de8b0141ab.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\148d7455-1a88-4ca1-8bda-e08352ca313c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\175faa00-cdfd-4a9d-a7b6-6fb864491171.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2993e2a7-2707-42c1-859c-7fe1cd2db6f8.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2ce8f007-444e-40d8-affd-13dc05ea164e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\375d7f13-a7a2-4af8-8bed-ccd1a5af138c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3a821e45-dc15-41c3-b8e4-19e10a7b3511.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\47199a30-ed52-49d7-83f3-4621f5d65015.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4abad8f5-01a5-4ae1-babd-bade8a1d0101.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old"0 (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy)

Windows Analysis Report
https://www.quiz-bliss.com/kittycantrell/harry-potter-20-year-anniversary-trivia-quiz-112821