Windows Analysis Report
http://lijit.com

Overview

General Information

Sample URL: http://lijit.com
Analysis ID: 562527
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Drops PE files
Found iframes
PE file contains sections with non-standard names
No HTML title found
Form action URLs do not match main URL

Classification

Phishing
barindex
Found iframes
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/#content HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/#content HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Iframe src: https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/data/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Iframe src: https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
No HTML title found
Source: https://www.sovrn.com/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/ HTTP Parser: HTML title missing
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain HTTP Parser: HTML title missing
Source: https://knowledge.sovrn.com/contact-us HTTP Parser: HTML title missing
Source: https://www.sovrn.com/#content HTTP Parser: HTML title missing
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/data/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: HTML title missing
Form action URLs do not match main URL
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="author".. found
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="author".. found
Source: https://knowledge.sovrn.com/contact-us HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/#content HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/data/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://knowledge.sovrn.com/contact-us HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/#content HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/advertising-tools/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/data/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/signal/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/commerce/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49907 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49908 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49955 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49954 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50257 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50318 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50424 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50433 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50442 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50560 version: TLS 1.2
Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.1.dr
Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.1.dr
Source: unknown DNS traffic detected: queries for: lijit.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50532 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50502
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50360 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50506
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 50417 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50508
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50507
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50486 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50509
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50513
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 50359 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50512
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50515
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50514
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50517
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50516
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50519
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50518
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50464 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50544 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 50439 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50524
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50523
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50526
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50525
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50528
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50527
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50507 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50520
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50522
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50521
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50396 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50566 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 50382 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50462 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50347 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 50282 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50522 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50430 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50568 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50429 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50474 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 50369 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50337
Source: unknown Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50579
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50578
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50338
Source: unknown Network traffic detected: HTTP traffic on port 50581 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50546 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50571
Source: unknown Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50392 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50570
Source: unknown Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50573
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50330
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50333
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50575
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50332
Source: unknown Network traffic detected: HTTP traffic on port 50466 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50574
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50577
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50334
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50576
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50580
Source: unknown Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50348
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50347
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50589
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50349
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50340
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50582
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50581
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50342
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50584
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50341
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50583
Source: unknown Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50586
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50585
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50346
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50588
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50587
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50512 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50359
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50358
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50350
Source: unknown Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50353
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50595
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50594
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50355
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50354
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50357
Source: unknown Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50356
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50360
Source: unknown Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50369
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 50524 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 50442 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50364
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50363
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50365
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50368
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50535
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50534
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50537
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50536
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50539
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50538
Source: unknown Network traffic detected: HTTP traffic on port 50571 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50315 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50531
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50530
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50533
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50532
Source: unknown Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50536 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown Network traffic detected: HTTP traffic on port 50444 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50546
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50545
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50548
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50547
Source: unknown Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50549
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50540
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50542
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50541
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50544
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50543
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50315
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50557
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50559
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50558
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown Network traffic detected: HTTP traffic on port 50548 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50551
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50550
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown Network traffic detected: HTTP traffic on port 50394 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50553
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50552
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50313
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50555
Source: unknown Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50554
Source: unknown Network traffic detected: HTTP traffic on port 50454 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50568
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50567
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50569
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50560
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50320
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50562
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50561
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50564
Source: unknown Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50566
Source: unknown Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50432 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50514 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50434 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50537 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50550 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50515 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50458 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50549 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown Network traffic detected: HTTP traffic on port 50481 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 50527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50493
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50497
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown Network traffic detected: HTTP traffic on port 50353 -> 443
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: lijit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: angular.js.1.dr String found in binary or memory: http://angularjs.org
Source: widevinecdm.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: angular.js.1.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: History Provider Cache.1.dr String found in binary or memory: http://lijit.com/2;Lijit
Source: widevinecdm.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: widevinecdm.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: widevinecdm.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: mirroring_hangouts.js.1.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: widevinecdm.dll.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: mirroring_hangouts.js.1.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.1.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.1.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.1.dr String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://clients6.google.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json1.1.dr String found in binary or memory: https://content.googleapis.com
Source: common.js.1.dr, mirroring_cast_streaming.js.1.dr String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr, d8d837a7-a1ab-4d3c-852b-02927a88920b.tmp.3.dr, 44f2ff87-727f-4f2c-8c13-d938c64150a1.tmp.3.dr String found in binary or memory: https://dns.google
Source: mirroring_common.js.1.dr String found in binary or memory: https://docs.google.com
Source: manifest.json1.1.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json1.1.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json1.1.dr String found in binary or memory: https://fonts.gstatic.com;
Source: angular.js.1.dr, material_css_min.css.1.dr String found in binary or memory: https://github.com/angular/material
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json1.1.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: History Provider Cache.1.dr String found in binary or memory: https://lijit.com/2;Lijit
Source: mirroring_common.js.1.dr String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.1.dr String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://r4---sn-4g5e6ns7.gvt1.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: widevinecdm.dll.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://www.google-analytics.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://www.google.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.1.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json1.1.dr String found in binary or memory: https://www.google.com;
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, craw_background.js.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr, craw_window.js.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json1.1.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.1.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.1.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://www.googleoptimize.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://www.googletagmanager.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.1.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json1.1.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49907 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49908 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49955 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49954 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50032 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50257 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50318 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50424 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50433 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50442 version: TLS 1.2
Source: unknown HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50560 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\f6798c58-db7e-406a-8b58-2d8eaa1e789b.tmp Jump to behavior
Source: classification engine Classification label: clean2.win@46/200@56/34
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://lijit.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F4FAF3-18BC.pma Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.1.dr
Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.1.dr

Data Obfuscation
barindex
PE file contains sections with non-standard names
Source: widevinecdm.dll.1.dr Static PE information: section name: .00cfg
Source: widevinecdm.dll.1.dr Static PE information: section name: .rodata
Source: widevinecdm.dll.1.dr Static PE information: section name: _RDATA

Persistence and Installation Behavior
barindex
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\6332_505347239\_platform_specific\win_x64\widevinecdm.dll Jump to dropped file
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 562527 URL: http://lijit.com Startdate: 29/01/2022 Architecture: WINDOWS Score: 2 15 www.viglink.com 2->15 17 www.sovrn.com 2->17 19 11 other IPs or domains 2->19 6 chrome.exe 15 451 2->6         started        process3 dnsIp4 21 192.168.2.1 unknown unknown 6->21 23 239.255.255.250 unknown Reserved 6->23 13 C:\Users\user\AppData\...\widevinecdm.dll, PE32+ 6->13 dropped 10 chrome.exe 90 6->10         started        file5 process6 dnsIp7 25 quickkoala.io 162.242.174.138, 443, 49866, 49867 RACKSPACEUS United States 10->25 27 group23.sites.hscoscdn20.net 199.60.103.254, 443, 49950, 49951 QUICKSILVER1CA Canada 10->27 29 61 other IPs or domains 10->29
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.26.8.44
 ipapi.co United States
13335 CLOUDFLARENETUS false
104.19.155.83
 forms.hubspot.com United States
13335 CLOUDFLARENETUS false
104.17.68.176
 js.hs-analytics.net United States
13335 CLOUDFLARENETUS false
104.16.187.114
 f.hubspotusercontent20.net United States
13335 CLOUDFLARENETUS false
104.18.20.191
 js.hs-banner.com United States
13335 CLOUDFLARENETUS false
151.101.0.217
 vimeo.map.fastly.net United States
54113 FASTLYUS false
199.60.103.254
 group23.sites.hscoscdn20.net Canada
23181 QUICKSILVER1CA false
104.17.200.204
 feedback.hubapi.com United States
13335 CLOUDFLARENETUS false
104.17.210.204
 js.hs-scripts.com United States
13335 CLOUDFLARENETUS false
172.217.168.8
 www-googletagmanager.l.google.com United States
15169 GOOGLEUS false
104.17.112.162
 js.hubspotfeedback.com United States
13335 CLOUDFLARENETUS false
104.17.231.204
 js.hsleadflows.net United States
13335 CLOUDFLARENETUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
3.227.218.120
 web-2099239636.us-east-1.elb.amazonaws.com United States
14618 AMAZON-AESUS false
104.17.128.171
 js.hscollectedforms.net United States
13335 CLOUDFLARENETUS false
142.250.203.109
 accounts.google.com United States
15169 GOOGLEUS false
104.17.201.204
 public.hubapi.com United States
13335 CLOUDFLARENETUS false
94.31.29.99
 1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com United Kingdom
33438 HIGHWINDS2US false
104.17.184.73
 js.hsforms.net United States
13335 CLOUDFLARENETUS false
143.204.215.25
 d2mvl3dkxvehny.cloudfront.net United States
16509 AMAZON-02US false
104.19.154.83
 app.hubspot.com United States
13335 CLOUDFLARENETUS false
104.17.211.204
 js-na1.hs-scripts.com United States
13335 CLOUDFLARENETUS false
162.242.174.138
 quickkoala.io United States
19994 RACKSPACEUS false
151.101.114.109
 vimeo-video.map.fastly.net United States
54113 FASTLYUS false
34.120.202.204
 fresnel.vimeocdn.com United States
15169 GOOGLEUS false
151.101.192.217
 vimeo.com United States
54113 FASTLYUS false
34.135.254.63
 sovrn.com United States
2686 ATGS-MMD-ASUS false
104.17.241.204
 cdn2.hubspot.net United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
172.217.168.33
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
104.16.88.5
 forms.hsforms.com United States
13335 CLOUDFLARENETUS false
13.248.132.126
 lijit.com United States
16509 AMAZON-02US false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name IP Active
forms.hsforms.com 104.16.88.5 true
cdn2.hubspot.net 104.17.241.204 true
forms.hubspot.com 104.19.155.83 true
sovrn.com 34.135.254.63 true
d2mvl3dkxvehny.cloudfront.net 143.204.215.25 true
js.hs-analytics.net 104.17.68.176 true
1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com 94.31.29.99 true
ipapi.co 104.26.8.44 true
group23.sites.hscoscdn20.net 199.60.103.254 true
track.hubspot.com 104.19.155.83 true
fresnel.vimeocdn.com 34.120.202.204 true
js.hsforms.net 104.17.184.73 true
js.hs-scripts.com 104.17.210.204 true
web-2099239636.us-east-1.elb.amazonaws.com 3.227.218.120 true
js.hubspotfeedback.com 104.17.112.162 true
js.hs-banner.com 104.18.20.191 true
public.hubapi.com 104.17.201.204 true
a.nel.cloudflare.com 35.190.80.1 true
accounts.google.com 142.250.203.109 true
quickkoala.io 162.242.174.138 true
www-google-analytics.l.google.com 142.250.203.110 true
feedback.hubapi.com 104.17.200.204 true
app.hubspot.com 104.19.154.83 true
www-googletagmanager.l.google.com 172.217.168.8 true
vimeo.com 151.101.192.217 true
www.googleoptimize.com 142.250.203.110 true
vimeo.map.fastly.net 151.101.0.217 true
js.hsleadflows.net 104.17.231.204 true
js-na1.hs-scripts.com 104.17.211.204 true
f.hubspotusercontent20.net 104.16.187.114 true
clients.l.google.com 142.250.203.110 true
www.sovrn.com 34.135.254.63 true
googlehosted.l.googleusercontent.com 172.217.168.33 true
s.w.org 192.0.77.48 true
js.hscollectedforms.net 104.17.128.171 true
lijit.com 13.248.132.126 true
vimeo-video.map.fastly.net 151.101.114.109 true
v.pinimg.com unknown unknown
i.vimeocdn.com unknown unknown
ct.pinterest.com unknown unknown
clients2.googleusercontent.com unknown unknown
use.fontawesome.com unknown unknown
clients2.google.com unknown unknown
www.viglink.com unknown unknown
code.jquery.com unknown unknown
f.vimeocdn.com unknown unknown
knowledge.sovrn.com unknown unknown
i.pinimg.com unknown unknown
assets.calendly.com unknown unknown
www.linkedin.com unknown unknown
px.ads.linkedin.com unknown unknown
snap.licdn.com unknown unknown
s.pinimg.com unknown unknown
www.pinterest.ch unknown unknown
player.vimeo.com unknown unknown
www.pinterest.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0 false
    		high
    https://lijit.com/ false
      		high
      https://www.pinterest.ch/ct.html false
        		high
        https://www.sovrn.com/publishers/commerce/ false
          		high
          https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain false
            		high
            https://www.sovrn.com/ false
              		high
              http://lijit.com/ false
                		high
                https://www.sovrn.com/publishers/signal/ false
                  		high
                  https://www.sovrn.com/publishers/data/ false
                    		high
                    https://www.sovrn.com/advertising-tools/ false
                      		high
                      https://www.sovrn.com/#content false
                        		high
                        https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0 false
                          		high
                          https://knowledge.sovrn.com/contact-us false
                            		high