URL:

https://www.gofilmes.cc

Full analysis: https://app.any.run/tasks/a2aaa35a-92c2-4a6f-8d2a-dfdcf085e823
Verdict: Malicious activity
Analysis date: October 18, 2020, 17:03:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

969741539A0C59995B84233BA0B3B621

SHA1:

0C0A82EFC4ED8E47F5B0DCFD3F71D0951EEDFE81

SHA256:

47521C06B702793A6D8E6BAC4DC9EE31D8E694C1026DB69B15967C57A1D519FE

SSDEEP:

3:N8DSLW9MR:2OLvR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads settings of System Certificates

      • chrome.exe (PID: 4076)
    • Reads the hosts file

      • chrome.exe (PID: 4076)
      • chrome.exe (PID: 2028)
    • Application launched itself

      • chrome.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
73
Monitored processes
37
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2028"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.gofilmes.cc"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
3748"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c57a9d0,0x6c57a9e0,0x6c57a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
2692"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2472 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
1316"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=630141435461240288 --mojo-platform-channel-handle=1060 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
4076"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6963395883117040224 --mojo-platform-channel-handle=1556 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
75.0.3770.100
4056"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10552126844196367414 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2336"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7475810946512291363 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
75.0.3770.100
4012"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6161745410106868775 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
2476"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=560178758384530778 --mojo-platform-channel-handle=3456 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
3804"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,11864518641012195991,14338309344382020395,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11001249639411053371 --mojo-platform-channel-handle=3536 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Total events
748
Read events
621
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
123
Text files
141
Unknown types
16

Dropped files

PID
Process
Filename
Type
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F8C756A-7EC.pma
MD5:
SHA256:
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9261834f-fb0f-4724-a3bd-1e074946a84d.tmp
MD5:
SHA256:
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
MD5:
SHA256:
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:FB5B20517A0D1F7DAD485989565BEE5E
SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:1A89A1BEBE6C843C4FF582E7ED33CA1F
SHA256:65099CA087B66AA8CA420AB121DAAD713E1DB5A61C5A574D9B1C0DF24F012520
3748chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pmabinary
MD5:9543068B6751E1F3E11F91D72EE78D95
SHA256:D060AD21AE6E04CB58668CAA52ADFCA573E018102CC07554D2ED3EAE11AB7785
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7
SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE
SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9
2028chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF2d40f6.TMPtext
MD5:FB5B20517A0D1F7DAD485989565BEE5E
SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
110
DNS requests
77
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4076
chrome.exe
GET
301
172.67.200.202:80
http://blog.natfit.online/ref/?token=VTJGc2RHVmtYMTlodWVMZ2ZOYUcwZkJvbmxqcURFZXYvaUxGclh1NmlUMzlFYzEvT1phNFRNbHExanIrL3V1cjM5VmdvQXJMRWZ6SGg4VGpKdGZQMUE9PQ==
US
suspicious
4076
chrome.exe
GET
304
8.253.207.120:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
57.5 Kb
shared
4076
chrome.exe
GET
304
8.253.207.120:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
57.5 Kb
shared
4076
chrome.exe
GET
200
8.253.207.120:80
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
US
compressed
57.5 Kb
shared
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4076
chrome.exe
172.217.22.99:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
4076
chrome.exe
216.58.207.77:443
accounts.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
192.99.24.64:443
www.gofilmes.cc
OVH SAS
CA
unknown
4076
chrome.exe
192.243.59.13:443
tmh4pshu0f3n.com
DataWeb Global Group B.V.
US
malicious
4076
chrome.exe
104.17.78.107:443
cdnjs.cloudflare.com
Cloudflare Inc
US
suspicious
4076
chrome.exe
172.217.22.67:443
fonts.gstatic.com
Google Inc.
US
whitelisted
4076
chrome.exe
142.250.74.206:443
clients1.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
209.197.3.24:443
code.jquery.com
Highwinds Network Group, Inc.
US
malicious
4076
chrome.exe
104.24.124.126:443
sorgalla.com
Cloudflare Inc
US
shared
4076
chrome.exe
172.217.21.195:443
ssl.gstatic.com
Google Inc.
US
whitelisted
4076
chrome.exe
216.58.212.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
4076
chrome.exe
151.139.128.11:443
cdn.shortpixel.ai
Highwinds Network Group, Inc.
US
malicious
4076
chrome.exe
104.16.126.175:443
unpkg.com
Cloudflare Inc
US
shared
4076
chrome.exe
172.67.200.202:80
blog.natfit.online
US
suspicious
4076
chrome.exe
104.16.59.155:443
image.tmdb.org
Cloudflare Inc
US
shared
4076
chrome.exe
104.27.167.44:443
blog.receitasdaora.online
Cloudflare Inc
US
shared
4076
chrome.exe
172.67.200.202:443
blog.natfit.online
US
suspicious
4076
chrome.exe
104.16.134.22:443
live.demand.supply
Cloudflare Inc
US
shared
4076
chrome.exe
35.190.80.1:443
a.nel.cloudflare.com
Google Inc.
US
suspicious
4076
chrome.exe
104.31.67.129:443
www.nutricaohoje.website
Cloudflare Inc
US
unknown
4076
chrome.exe
104.16.167.35:443
ajax.cloudflare.com
Cloudflare Inc
US
unknown
4076
chrome.exe
23.111.9.35:443
use.fontawesome.com
netDNA
US
suspicious
4076
chrome.exe
172.67.212.35:443
tag.goadopt.io
US
suspicious
4076
chrome.exe
172.217.21.193:443
2.bp.blogspot.com
Google Inc.
US
whitelisted
4076
chrome.exe
104.26.5.7:443
waust.at
Cloudflare Inc
US
suspicious
4076
chrome.exe
23.202.52.26:443
contextual.media.net
Akamai Technologies, Inc.
US
suspicious
4076
chrome.exe
67.202.94.94:443
whos.amung.us
Steadfast
US
suspicious
4076
chrome.exe
151.101.2.109:443
cdn.jsdelivr.net
Fastly
US
suspicious
4076
chrome.exe
104.26.15.201:443
i.doodcdn.com
Cloudflare Inc
US
unknown
4076
chrome.exe
104.27.148.55:443
tag.goadopt.io
Cloudflare Inc
US
shared
4076
chrome.exe
216.58.206.4:443
www.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.217.23.99:443
www.gstatic.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.67.69.10:443
dood.to
US
suspicious
4076
chrome.exe
104.26.14.201:443
i.doodcdn.com
Cloudflare Inc
US
unknown
4076
chrome.exe
172.217.23.168:443
www.googletagmanager.com
Google Inc.
US
whitelisted
4076
chrome.exe
195.181.175.46:443
www.blockadsnot.com
Datacamp Limited
DE
suspicious
4076
chrome.exe
172.217.16.174:443
www.google-analytics.com
Google Inc.
US
whitelisted
4076
chrome.exe
139.45.195.81:443
louchees.net
US
suspicious
4076
chrome.exe
192.243.59.20:443
tmh4pshu0f3n.com
DataWeb Global Group B.V.
US
malicious
4076
chrome.exe
162.252.214.5:443
adsco.re
Total Uptime Technologies, LLC
US
suspicious
4076
chrome.exe
104.17.167.186:443
c.adsco.re
Cloudflare Inc
US
shared
4076
chrome.exe
208.95.112.254:443
blockadsnot.com
IBURST
unknown
4076
chrome.exe
139.45.195.38:443
bestaryua.com
US
unknown
4076
chrome.exe
185.200.116.90:443
tzf8r6pbnbru.s.adsco.re
M247 Ltd
SG
malicious
4076
chrome.exe
104.26.9.123:443
static.lalaping.com
Cloudflare Inc
US
unknown
185.200.116.90:3478
tzf8r6pbnbru.s.adsco.re
M247 Ltd
SG
malicious
4076
chrome.exe
139.45.195.46:443
inabsolor.com
US
unknown
4076
chrome.exe
185.200.118.90:443
tzf8r6pbnbru.l.adsco.re
M247 Ltd
GB
malicious
4076
chrome.exe
38.132.109.186:443
tzf8r6pbnbru.n.adsco.re
M247 Ltd
US
malicious
185.200.118.90:3478
tzf8r6pbnbru.l.adsco.re
M247 Ltd
GB
malicious
38.132.109.186:3478
tzf8r6pbnbru.n.adsco.re
M247 Ltd
US
malicious
4076
chrome.exe
66.102.1.127:19302
stun.l.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.217.18.3:443
www.google.es
Google Inc.
US
whitelisted
4076
chrome.exe
95.217.204.250:443
adtrackingflow.pro
Hetzner Online GmbH
DE
unknown
4076
chrome.exe
139.45.195.14:443
beonixom.com
US
malicious
4076
chrome.exe
139.45.195.103:443
propeller-tracking.com
US
unknown
95.217.204.250:443
adtrackingflow.pro
Hetzner Online GmbH
DE
unknown
4076
chrome.exe
69.16.175.42:443
b6u2w2z4.ssl.hwcdn.net
Highwinds Network Group, Inc.
US
malicious
4076
chrome.exe
104.31.69.192:443
get.zazqx.com
Cloudflare Inc
US
shared
4076
chrome.exe
139.45.195.254:443
o.wowreality.info
US
unknown
4076
chrome.exe
172.67.140.60:443
get.videos-searches.com
US
malicious
4076
chrome.exe
66.102.1.188:5228
mtalk.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
52.232.26.228:443
push2.notify-service.com
Microsoft Corporation
NL
unknown
4076
chrome.exe
172.217.18.14:443
android.clients.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.217.21.206:443
android.clients.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
216.58.212.174:443
android.clients.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.217.21.238:443
ogs.google.es
Google Inc.
US
whitelisted
172.217.22.10:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
4076
chrome.exe
172.217.22.34:443
adservice.google.es
Google Inc.
US
whitelisted
4076
chrome.exe
54.36.174.207:443
sul40k.dood.video
OVH SAS
FR
unknown
4076
chrome.exe
172.217.22.14:443
android.clients.google.com
Google Inc.
US
whitelisted
4076
chrome.exe
94.31.29.131:443
www.ssaimg.com
netDNA
GB
unknown
4076
chrome.exe
8.253.207.120:80
www.download.windowsupdate.com
Level 3 Communications, Inc.
US
malicious

DNS requests

Domain
IP
Reputation
www.gofilmes.cc
  • 192.99.24.64
unknown
clientservices.googleapis.com
  • 172.217.22.99
shared
accounts.google.com
  • 216.58.207.77
shared
sorgalla.com
  • 104.24.124.126
  • 104.24.125.126
  • 172.67.195.203
unknown
code.jquery.com
  • 209.197.3.24
whitelisted
cdn.shortpixel.ai
  • 151.139.128.11
whitelisted
cdnjs.cloudflare.com
  • 104.17.78.107
  • 104.17.79.107
whitelisted
unpkg.com
  • 104.16.126.175
  • 104.16.122.175
  • 104.16.124.175
  • 104.16.125.175
  • 104.16.123.175
whitelisted
tmh4pshu0f3n.com
  • 192.243.59.13
  • 192.243.59.12
  • 192.243.59.20
malicious
fonts.googleapis.com
  • 216.58.212.170
whitelisted
fonts.gstatic.com
  • 172.217.22.67
whitelisted
s.w.org
  • 192.0.77.48
whitelisted
clients1.google.com
  • 142.250.74.206
whitelisted
ssl.gstatic.com
  • 172.217.21.195
whitelisted
image.tmdb.org
  • 104.16.59.155
  • 104.16.60.155
  • 104.16.61.155
  • 104.16.57.155
  • 104.16.58.155
whitelisted
clients2.google.com
  • 142.250.74.206
whitelisted
blog.natfit.online
  • 172.67.200.202
  • 104.18.44.103
  • 104.18.45.103
unknown
www.nutricaohoje.website
  • 104.31.67.129
  • 104.31.66.129
  • 172.67.194.15
unknown
blog.receitasdaora.online
  • 104.27.167.44
  • 104.27.166.44
  • 172.67.212.252
unknown
blog.nutricaohoje.website
  • 104.31.66.129
  • 172.67.194.15
  • 104.31.67.129
unknown
a.nel.cloudflare.com
  • 35.190.80.1
whitelisted
live.demand.supply
  • 104.16.134.22
  • 104.16.133.22
malicious
use.fontawesome.com
  • 23.111.9.35
whitelisted
2.bp.blogspot.com
  • 172.217.21.193
whitelisted
ajax.cloudflare.com
  • 104.16.167.35
  • 104.16.168.35
whitelisted
tag.goadopt.io
  • 172.67.212.35
  • 104.27.149.55
  • 104.27.148.55
suspicious
waust.at
  • 104.26.5.7
  • 104.26.4.7
  • 172.67.71.57
malicious
contextual.media.net
  • 23.202.52.26
shared
lg3.media.net
  • 23.202.52.26
whitelisted
whos.amung.us
  • 67.202.94.94
  • 67.202.94.86
  • 67.202.94.93
whitelisted
auth.goadopt.io
  • 104.27.148.55
  • 104.27.149.55
  • 172.67.212.35
suspicious
dood.to
  • 172.67.69.10
  • 104.26.8.122
  • 104.26.9.122
malicious
i.doodcdn.com
  • 104.26.15.201
  • 104.26.14.201
  • 172.67.74.66
unknown
www.google.com
  • 216.58.206.4
whitelisted
img.doodcdn.com
  • 104.26.14.201
  • 104.26.15.201
  • 172.67.74.66
suspicious
cdn.jsdelivr.net
  • 151.101.2.109
  • 151.101.66.109
  • 151.101.130.109
  • 151.101.194.109
shared
www.google-analytics.com
  • 172.217.16.174
shared
www.googletagmanager.com
  • 172.217.23.168
whitelisted
www.gstatic.com
  • 172.217.23.99
whitelisted
api.goadopt.io
  • 104.27.149.55
  • 104.27.148.55
  • 172.67.212.35
suspicious
www.blockadsnot.com
  • 195.181.175.46
suspicious
louchees.net
  • 139.45.195.81
  • 139.45.195.142
  • 139.45.195.16
  • 139.45.196.3
  • 139.45.196.67
  • 139.45.197.9
malicious
dcop4khjxsmg.com
  • 192.243.59.20
  • 192.243.59.12
  • 192.243.59.13
malicious
blockadsnot.com
  • 208.95.112.254
unknown
c.adsco.re
  • 104.17.167.186
  • 104.17.166.186
whitelisted
adsco.re
  • 162.252.214.5
whitelisted
6.adsco.re
  • 104.17.166.186
  • 104.17.167.186
whitelisted
tzf8r6pbnbru.l.adsco.re
  • 185.200.118.90
suspicious
tzf8r6pbnbru.n.adsco.re
  • 38.132.109.186
suspicious
tzf8r6pbnbru.s.adsco.re
  • 185.200.116.90
suspicious
inabsolor.com
  • 139.45.195.46
  • 139.45.195.111
  • 139.45.196.30
  • 139.45.196.92
  • 139.45.195.167
  • 139.45.197.8
whitelisted
bestaryua.com
  • 139.45.195.38
  • 139.45.196.108
  • 139.45.195.94
  • 139.45.196.14
  • 139.45.195.150
  • 139.45.197.8
malicious
static.lalaping.com
  • 104.26.9.123
  • 172.67.75.33
  • 104.26.8.123
whitelisted
www.google.es
  • 172.217.18.3
whitelisted
stun.l.google.com
  • 66.102.1.127
whitelisted
o.wowreality.info
  • 139.45.195.254
malicious
adtrackingflow.pro
  • 95.217.204.250
malicious
propeller-tracking.com
  • 139.45.195.103
  • 139.45.195.159
  • 139.45.196.84
  • 139.45.196.22
  • 139.45.195.38
  • 139.45.197.11
whitelisted
beonixom.com
  • 139.45.195.14
  • 139.45.195.78
  • 139.45.196.2
  • 139.45.195.142
  • 139.45.196.66
malicious
get.zazqx.com
  • 104.31.69.192
  • 104.31.68.192
  • 172.67.174.242
suspicious
get.videos-searches.com
  • 172.67.140.60
  • 104.18.37.52
  • 104.18.36.52
malicious
b6u2w2z4.ssl.hwcdn.net
  • 69.16.175.42
  • 69.16.175.10
malicious
i3j3u3u9.ssl.hwcdn.net
  • 69.16.175.42
  • 69.16.175.10
malicious
android.clients.google.com
  • 142.250.74.206
  • 172.217.23.174
  • 172.217.23.142
  • 216.58.205.238
  • 172.217.22.14
  • 216.58.206.14
  • 172.217.18.14
  • 172.217.18.174
  • 216.58.207.46
  • 216.58.207.78
  • 216.58.212.174
  • 172.217.16.142
  • 216.58.210.14
  • 172.217.23.110
  • 172.217.22.78
  • 172.217.21.206
whitelisted
mtalk.google.com
  • 66.102.1.188
whitelisted
push2.notify-service.com
  • 52.232.26.228
unknown
safebrowsing.googleapis.com
  • 172.217.22.10
whitelisted
consent.google.com
  • 172.217.21.206
shared
consent.google.es
  • 172.217.18.14
whitelisted
apis.google.com
  • 216.58.212.174
whitelisted
ogs.google.es
  • 172.217.21.238
whitelisted
adservice.google.es
  • 172.217.22.34
whitelisted
consent.youtube.com
  • 172.217.22.14
whitelisted
sul40k.dood.video
  • 54.36.174.207
unknown
www.download.windowsupdate.com
  • 8.253.207.120
  • 8.253.204.120
  • 8.248.115.254
  • 8.248.119.254
  • 67.26.83.254
shared
beta.intnotif.club
  • 173.192.101.24
suspicious

Threats

PID
Process
Class
Message
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
1052
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
4076
chrome.exe
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
4076
chrome.exe
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
Attempted User Privilege Gain
ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
No debug info