Windows Analysis Report
https://singingfiles.com/show.php?l=0&u=2156442&id=64574

Overview

General Information

Sample URL: https://singingfiles.com/show.php?l=0&u=2156442&id=64574
Analysis ID: 1467916
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Found iframes
HTML body contains low number of good links
Submit button contains javascript call

Classification

Phishing
barindex
AI detected phishing page
Source: https://free2try.com LLM: Score: 7 brands: Ritz, Jimmy Dean, Arm & Hammer, Vaseline Reasons: The URL 'free2try.com' does not match any known legitimate domain associated with the brands displayed (Ritz, Jimmy Dean, Arm & Hammer, Vaseline). The site prominently features a login form asking for an email address, which is a common tactic in phishing sites. The promise of 'free samples' and the urgency created by phrases like 'Sign up takes Less than 30 seconds' are classic social usering techniques used to lure users into providing their personal information. Additionally, the domain name itself is generic and not associated with any of the brands shown, which raises suspicion. The presence of a suspicious link in the terms and conditions section further indicates potential phishing activity. DOM: 0.0.pages.csv
Found iframes
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Iframe src: https://api.pushnami.com/scripts/v1/hub
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Iframe src: https://api.pushnami.com/scripts/v1/hub
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Iframe src: https://api.pushnami.com/scripts/v1/hub
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Iframe src: https://api.pushnami.com/scripts/v1/hub
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Iframe src: /pushnami/pushnami.html
HTML body contains low number of good links
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: Number of links: 0
Submit button contains javascript call
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: On click: shLayer();
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: On click: shLayer();
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: On click: shLayer();
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: On click: shLayer();
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: On click: shLayer();
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No favicon
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No favicon
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No favicon
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No favicon
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No favicon
Source: https://api.pushnami.com/scripts/v1/hub HTTP Parser: No favicon
Source: https://free2try.com/pushnami/pushnami.html HTTP Parser: No favicon
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="author".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="author".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="author".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="author".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="author".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="copyright".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="copyright".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="copyright".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="copyright".. found
Source: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64208 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64221 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64227 version: TLS 1.2
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.6:64204 -> 1.1.1.1:53
Detected suspicious crossdomain redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: mr.macgsapptrck.com to https://wsjmp.com/c/s=291454/c=1598122/m=668729bd4830bd0001a8790b_100_2156442/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: wsjmp.com to https://free2try.com/?config=9179&src=wc-291454aaa668729bd4830bd0001a8790b_100_2156442:1598122:&wsclid=5de0b3ae-2882-4116-bd49-387b28f8d7a5
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /show.php?l=0&u=2156442&id=64574 HTTP/1.1Host: singingfiles.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /click?pid=100&offer_id=24516&sub6=1266093652&sub2=100_2156442 HTTP/1.1Host: mr.macgsapptrck.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://singingfiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /c/s=291454/c=1598122/m=668729bd4830bd0001a8790b_100_2156442/ HTTP/1.1Host: wsjmp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://singingfiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?config=9179&src=WC-291454aaa668729bd4830bd0001a8790b_100_2156442:1598122:&wsclid=5de0b3ae-2882-4116-bd49-387b28f8d7a5 HTTP/1.1Host: free2try.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://singingfiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /?session_id=531dd1e83a5911ef8dd1bff723d6de30 HTTP/1.1Host: free2try.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://singingfiles.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/bootstrap.min.css HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /images/styles-2016.css HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /9179/registration//colors-2016.css HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /demo_optimize.js HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /images/js_fl.js HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /9179/registration//main_header.png HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /9179/registration//main_header.png HTTP/1.1Host: free2try.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /9179/registration/bg_header.png HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /9179/registration/bg_header.png HTTP/1.1Host: free2try.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /scripts/v1/pushnami-adv/60521c272bf0240010135168 HTTP/1.1Host: api.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pushnami/service-worker.js HTTP/1.1Host: free2try.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /js/modules/fcm-v1-module.019781ec7a1c97363e85.bundle.js HTTP/1.1Host: cdn.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/v2/pushnami-sw/60521c272bf0240010135168 HTTP/1.1Host: api.pushnami.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/push/track HTTP/1.1Host: trc.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/v1/hub HTTP/1.1Host: api.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/workers/sw.355e010fef1d4bf4045b.bundle.js HTTP/1.1Host: cdn.pushnami.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /js/exp/psfpv4_client_1.126.1_1972ad39bab3c8f1331e288e27e211c34b421bdd275cf6d126a0630d2027683f.js HTTP/1.1Host: cdn.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: free2try.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /api/psp HTTP/1.1Host: psp.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pushnami/pushnami.html HTTP/1.1Host: free2try.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080
Source: global traffic HTTP traffic detected: GET /scripts/v1/push/60521c272bf0240010135168 HTTP/1.1Host: api.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/v1/hub HTTP/1.1Host: api.pushnami.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pushnami/service-worker.js HTTP/1.1Host: free2try.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://free2try.com/pushnami/service-worker.jsUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 531dd1e83a5911ef8dd1bff723d6de30=1720134080; 531dd1e83a5911ef8dd1bff723d6de30%7C9179=1720134080If-None-Match: "341f05-5a-5e92fb15dc300"If-Modified-Since: Wed, 21 Sep 2022 13:12:12 GMT
Source: global traffic HTTP traffic detected: GET /scripts/v2/pushnami-sw/60521c272bf0240010135168 HTTP/1.1Host: api.pushnami.comConnection: keep-aliveAccept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://free2try.com/pushnami/service-worker.jsUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/psp HTTP/1.1Host: psp.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/push/subscribe HTTP/1.1Host: api.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/push/image/id/654d251715c286001361bac4 HTTP/1.1Host: api.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/push/icon/ext?url=https%3A%2F%2Fapi.pushnami.com%2Fapi%2Fpush%2Ficon%2Fid%2F6570f8e91fd96a00136b0f37%23.png&fallback=%2Fapi%2Fpush%2Ficon%2F605a1b2ddf8629037ec0e584 HTTP/1.1Host: api.pushnami.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: singingfiles.com
Source: global traffic DNS traffic detected: DNS query: mr.macgsapptrck.com
Source: global traffic DNS traffic detected: DNS query: wsjmp.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: free2try.com
Source: global traffic DNS traffic detected: DNS query: api.pushnami.com
Source: global traffic DNS traffic detected: DNS query: trc.pushnami.com
Source: global traffic DNS traffic detected: DNS query: cdn.pushnami.com
Source: global traffic DNS traffic detected: DNS query: stun3.l.google.com
Source: global traffic DNS traffic detected: DNS query: stun4.l.google.com
Source: global traffic DNS traffic detected: DNS query: psp.pushnami.com
Source: unknown HTTP traffic detected: POST /api/push/track HTTP/1.1Host: trc.pushnami.comConnection: keep-aliveContent-Length: 76sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/json, text/plain, */*content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0key: 60521c272bf0240010135168User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://free2try.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://free2try.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 23:01:28 GMTContent-Type: application/json; charset=utf-8Content-Length: 60Connection: closevary: originaccess-control-expose-headers: WWW-Authenticate,Server-Authorizationcache-control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 23:01:38 GMTContent-Type: application/json; charset=utf-8Content-Length: 70Connection: closeX-Powered-By: ExpressAccess-Control-Allow-Origin: *ETag: W/"46-ipg9rsCUK0P4SpXEE24G+u19uHc"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 23:01:56 GMTContent-Type: application/json; charset=utf-8Content-Length: 70Connection: closeX-Powered-By: ExpressAccess-Control-Allow-Origin: *ETag: W/"46-ipg9rsCUK0P4SpXEE24G+u19uHc"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Content-Length: 60Connection: closeDate: Thu, 04 Jul 2024 23:02:33 GMTcache-control: no-cachevary: accept-encodingX-Cache: Error from cloudfrontVia: 1.1 3ab47e7bb911be04b665845f18319950.cloudfront.net (CloudFront)X-Amz-Cf-Pop: AMS58-P3X-Amz-Cf-Id: fH3JBOpD2Gp6eDLJpmvkiQHNz2jEWv9ZYqzDa1sKEvU9Yq8dyNzIiA==
Source: chromecache_158.2.dr String found in binary or memory: http://a.websponsors.com/c/c=
Source: chromecache_156.2.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_158.2.dr String found in binary or memory: http://www.free2try.com/contact.cgi?config=9179
Source: chromecache_158.2.dr String found in binary or memory: http://www.free2try.com/privacy.cgi?config=9179
Source: chromecache_158.2.dr String found in binary or memory: http://www.free2try.com/terms.cgi?config=9179&qid=
Source: chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com
Source: chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/api/push/subscribe
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/api/push/unsubscribe
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/api/push/waterfall/enrollment
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/api/push/waterfall/enrollment?psid=
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v1/hub
Source: chromecache_133.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v1/push/60521c272bf0240010135168
Source: chromecache_158.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v1/pushnami-adv/60521c272bf0240010135168
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v1/pushnami-two-step-styles/60521c272bf0240010135168
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v1/pushnami-two-step/60521c272bf0240010135168
Source: chromecache_162.2.dr String found in binary or memory: https://api.pushnami.com/scripts/v2/pushnami-sw/60521c272bf0240010135168
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://cdn.pushnami.com/css/opt-in/
Source: chromecache_154.2.dr String found in binary or memory: https://cdn.pushnami.com/js/exp/psfpv4_client_1.126.1_1972ad39bab3c8f1331e288e27e211c34b421bdd275cf6
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://cdn.pushnami.com/js/modules
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://cdn.pushnami.com/js/modules/fcm-v1-module.019781ec7a1c97363e85.bundle.js
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://cdn.pushnami.com/js/opt-in/
Source: chromecache_157.2.dr String found in binary or memory: https://cdn.pushnami.com/js/workers/sw.355e010fef1d4bf4045b.bundle.js
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_151.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=PT
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins&display=swap
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4iaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4jaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4vaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5OaVI
Source: chromecache_149.2.dr String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B5caVI
Source: chromecache_155.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_155.2.dr String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_134.2.dr String found in binary or memory: https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0-ExdGM.woff2)
Source: chromecache_134.2.dr String found in binary or memory: https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2)
Source: chromecache_134.2.dr String found in binary or memory: https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2)
Source: chromecache_134.2.dr String found in binary or memory: https://fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0yExdGM.woff2)
Source: chromecache_156.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://github.com/zendesk/cross-storage/blob/master/dist/client.min.js
Source: chromecache_137.2.dr String found in binary or memory: https://mr.macgsapptrck.com/click?pid=100&offer_id=24516&sub6=1266093652&sub2=100_2156442
Source: chromecache_154.2.dr, chromecache_136.2.dr String found in binary or memory: https://psp.pushnami.com/api/psp
Source: chromecache_157.2.dr String found in binary or memory: https://rtpd.pushnami.com
Source: chromecache_157.2.dr String found in binary or memory: https://trc.pushnami.com
Source: chromecache_136.2.dr String found in binary or memory: https://trc.pushnami.com/api/push/track
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 64209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 64238 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64219
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64218
Source: unknown Network traffic detected: HTTP traffic on port 64224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64211
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64210
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64213
Source: unknown Network traffic detected: HTTP traffic on port 64218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64216
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 64235 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64221
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 64215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64224
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64225
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64228
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64227
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64240
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64241
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64235
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64239
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64238
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64237 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 64217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64228 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64240 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64239 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 64210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 64227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64241 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64208
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64207
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64209
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 64213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64205
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64208 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64221 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:64227 version: TLS 1.2
Source: classification engine Classification label: mal48.phis.win@24/56@39/20
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2180,i,4682610930534376281,12712548623362568672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://singingfiles.com/show.php?l=0&u=2156442&id=64574"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2180,i,4682610930534376281,12712548623362568672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: agree
Source: Window Recorder Window detected: More than 3 window changes detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467916 URL: https://singingfiles.com/sh... Startdate: 05/07/2024 Architecture: WINDOWS Score: 48 15 stun4.l.google.com 2->15 17 stun3.l.google.com 2->17 29 AI detected phishing page 2->29 7 chrome.exe 1 2->7         started        10 chrome.exe 2->10         started        signatures3 process4 dnsIp5 19 192.168.2.6, 19302, 443, 49432 unknown unknown 7->19 21 239.255.255.250 unknown Reserved 7->21 12 chrome.exe 7->12         started        process6 dnsIp7 23 free2try.com 172.67.68.254, 443, 49725, 49727 CLOUDFLARENETUS United States 12->23 25 api.pushnami.com 18.66.218.121, 443, 49742, 49747 MIT-GATEWAYSUS United States 12->25 27 18 other IPs or domains 12->27
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
18.244.18.23
 cdn.pushnami.com United States
16509 AMAZON-02US false
13.32.99.40
 unknown United States
16509 AMAZON-02US false
107.21.125.170
 unknown United States
14618 AMAZON-AESUS false
18.239.50.73
 unknown United States
16509 AMAZON-02US false
172.67.68.254
 free2try.com United States
13335 CLOUDFLARENETUS true
18.239.50.108
 unknown United States
16509 AMAZON-02US false
34.91.234.242
 wdigital.g2afse.com United States
15169 GOOGLEUS false
34.193.230.73
 unknown United States
14618 AMAZON-AESUS false
18.205.31.41
 unknown United States
14618 AMAZON-AESUS false
172.217.23.110
 android.l.google.com United States
15169 GOOGLEUS false
74.125.250.129
 stun4.l.google.com United States
15169 GOOGLEUS false
172.67.73.137
 wsjmp.com United States
13335 CLOUDFLARENETUS false
74.125.71.188
 mobile-gtalk.l.google.com United States
15169 GOOGLEUS false
18.211.221.201
 trc.pushnami.com United States
14618 AMAZON-AESUS false
239.255.255.250
 unknown Reserved
unknown unknown false
188.114.97.3
 singingfiles.com European Union
13335 CLOUDFLARENETUS false
142.250.186.164
 www.google.com United States
15169 GOOGLEUS false
34.203.90.74
 psp.pushnami.com United States
14618 AMAZON-AESUS false
18.66.218.121
 api.pushnami.com United States
3 MIT-GATEWAYSUS false

Private

IP
192.168.2.6

Contacted Domains

Name IP Active
android.l.google.com 172.217.23.110 true
stun4.l.google.com 74.125.250.129 true
free2try.com 172.67.68.254 true
cdn.pushnami.com 18.244.18.23 true
stun3.l.google.com 74.125.250.129 true
trc.pushnami.com 18.211.221.201 true
psp.pushnami.com 34.203.90.74 true
wsjmp.com 172.67.73.137 true
singingfiles.com 188.114.97.3 true
mobile-gtalk.l.google.com 74.125.71.188 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
bg.microsoft.map.fastly.net 199.232.210.172 true
wdigital.g2afse.com 34.91.234.242 true
www.google.com 142.250.186.164 true
api.pushnami.com 18.66.218.121 true
mr.macgsapptrck.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://free2try.com/favicon.ico true
  • Avira URL Cloud: safe
 unknown
https://singingfiles.com/show.php?l=0&u=2156442&id=64574 false
    		unknown
    https://api.pushnami.com/scripts/v1/hub false
      		unknown
      https://wsjmp.com/c/s=291454/c=1598122/m=668729bd4830bd0001a8790b_100_2156442/ false
      • Avira URL Cloud: safe
      		 unknown
      https://free2try.com/?config=9179&src=WC-291454aaa668729bd4830bd0001a8790b_100_2156442:1598122:&wsclid=5de0b3ae-2882-4116-bd49-387b28f8d7a5 true
      • Avira URL Cloud: safe
      		 unknown
      https://free2try.com/9179/registration/bg_header.png true
      • Avira URL Cloud: safe
      		 unknown
      https://free2try.com/pushnami/pushnami.html true
        		unknown
        https://trc.pushnami.com/api/push/track false
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/demo_optimize.js true
        • Avira URL Cloud: safe
        		 unknown
        https://api.pushnami.com/api/push/image/id/654d251715c286001361bac4 false
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/9179/registration//main_header.png true
        • Avira URL Cloud: safe
        		 unknown
        https://mr.macgsapptrck.com/click?pid=100&offer_id=24516&sub6=1266093652&sub2=100_2156442 false
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/images/bootstrap.min.css true
        • Avira URL Cloud: safe
        		 unknown
        https://cdn.pushnami.com/js/workers/sw.355e010fef1d4bf4045b.bundle.js false
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/9179/registration//colors-2016.css true
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/images/styles-2016.css true
        • Avira URL Cloud: safe
        		 unknown
        https://api.pushnami.com/api/push/icon/ext?url=https%3A%2F%2Fapi.pushnami.com%2Fapi%2Fpush%2Ficon%2Fid%2F6570f8e91fd96a00136b0f37%23.png&fallback=%2Fapi%2Fpush%2Ficon%2F605a1b2ddf8629037ec0e584 false
        • Avira URL Cloud: safe
        		 unknown
        https://free2try.com/?session_id=531dd1e83a5911ef8dd1bff723d6de30 true
          		unknown
          https://api.pushnami.com/api/push/subscribe false
          • Avira URL Cloud: safe
          		 unknown
          https://cdn.pushnami.com/js/modules/fcm-v1-module.019781ec7a1c97363e85.bundle.js false
          • Avira URL Cloud: safe
          		 unknown
          https://psp.pushnami.com/psfp/data false
          • Avira URL Cloud: safe
          		 unknown
          https://api.pushnami.com/scripts/v1/push/60521c272bf0240010135168 false
          • Avira URL Cloud: safe
          		 unknown
          https://api.pushnami.com/scripts/v1/pushnami-adv/60521c272bf0240010135168 false
          • Avira URL Cloud: safe
          		 unknown
          https://psp.pushnami.com/api/psp false
          • Avira URL Cloud: safe
          		 unknown
          https://api.pushnami.com/scripts/v2/pushnami-sw/60521c272bf0240010135168 false
          • Avira URL Cloud: safe
          		 unknown
          https://free2try.com/images/js_fl.js true
          • Avira URL Cloud: safe
          		 unknown
          https://free2try.com/pushnami/service-worker.js true
          • Avira URL Cloud: safe
          		 unknown