Windows Analysis Report
https://ionl.ca

Overview

General Information

Sample URL: https://ionl.ca
Analysis ID: 1580402

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder

Classification

Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49826 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49830 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49831 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49834 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.27.10 (50 identical entries)
Source: global traffic HTTP traffic detected: GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Cache-Control: max-age = 3600
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
    If-None-Match: "65ca969f-2cd"
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.c.lencr.org
Source: global traffic DNS traffic detected: DNS query: ionl.ca
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: res.public.onecdn.static.microsoft
Source: global traffic DNS traffic detected: DNS query: assets.msn.com
Source: global traffic DNS traffic detected: DNS query: aefd.nelreports.net
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6156_1812596042
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir6156_1812596042
Source: classification engine Classification label: clean1.win@20/0@7/111
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1852,i,5488664993657590629,14341294942111164373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2128 /prefetch:11
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ionl.ca"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1852,i,5488664993657590629,14341294942111164373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2128 /prefetch:11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (14 identical entries)
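The signature lines above are easier to judge once they are grouped: the two "system directory" signatures come from one Chrome scratch directory that is created and then deleted by the same process, the two HTTP requests are CRL downloads made by the Windows certificate engine (User-Agent Microsoft-CryptoAPI), and the "without corresponding DNS query" hits all point at a single IP. The script below is an added triage helper, not part of this report or of the sandbox vendor's tooling. It parses lines in the shape this report uses and prints labelled findings plus an IOC list. The sample input is constructed from a few of the report's own lines (the HTTP request keeps its headers fused on one line, as text extraction leaves them); the regular expressions and the finding labels are assumptions made for this example.

```python
"""Triage helper for sandbox-report signature lines (added example; not part
of the analysis report or of the sandbox vendor's tooling)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a few signature lines in the shape used by the report,
# with the report's own values, so the script runs offline.
SAMPLE_REPORT = r"""
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49823 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.24:49826 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: global traffic HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: ionl.ca
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir6156_1812596042
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir6156_1812596042
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ionl.ca"
"""

# Line shapes assumed for this example (derived from the report's own lines).
TLS_RE = re.compile(r"HTTPS traffic detected: (?P<rip>[\d.]+):(?P<rport>\d+) -> "
                    r"[\d.]+:\d+ version: (?P<ver>.+)$")
NODNS_RE = re.compile(r"without corresponding DNS query: (?P<ip>[\d.]+)$")
DNS_RE = re.compile(r"DNS traffic detected: DNS query: (?P<name>\S+)$")
HTTP_RE = re.compile(r"HTTP traffic detected: (?P<method>[A-Z]+) (?P<path>\S+) "
                     r"HTTP/1\.[01](?P<hdrs>.*)$")
FILE_RE = re.compile(r"^Source: (?P<proc>.+?) File (?P<op>created|deleted): (?P<path>.+)$")
PROC_RE = re.compile(r"^Source: (?P<parent>.+?) Process created: (?P<cmd>.+)$")


def _header(hdrs, name):
    """Pull one header value out of the fused header string. The export drops
    the line breaks between headers, so the value is cut at the next token
    that looks like a header name; Host is always the last header."""
    m = re.search(name + r": (.+?)(?=[A-Z][A-Za-z-]+: |$)", hdrs)
    return m.group(1) if m else None


def parse_report(text):
    """Group the signature lines into network, file and process events."""
    rep = {"tls": Counter(), "tls_ver": defaultdict(set), "no_dns": Counter(),
           "dns": set(), "http": [], "files": defaultdict(list), "procs": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Source: "):
            continue
        if m := TLS_RE.search(line):
            ep = f"{m['rip']}:{m['rport']}"
            rep["tls"][ep] += 1
            rep["tls_ver"][ep].add(m["ver"].strip())
        elif m := NODNS_RE.search(line):
            rep["no_dns"][m["ip"]] += 1
        elif m := DNS_RE.search(line):
            rep["dns"].add(m["name"])
        elif m := HTTP_RE.search(line):
            rep["http"].append((m["method"], m["path"],
                                _header(m["hdrs"], "Host"),
                                _header(m["hdrs"], "User-Agent")))
        elif m := FILE_RE.match(line):
            rep["files"][m["path"]].append((m["op"], m["proc"]))
        elif m := PROC_RE.match(line):
            rep["procs"].append((m["parent"], m["cmd"]))
    return rep


def triage(rep):
    """Turn the parsed events into labelled findings an analyst can skim."""
    out = []
    for path, ops in rep["files"].items():
        kinds = {op for op, _ in ops}
        procs = {proc for _, proc in ops}
        if kinds == {"created", "deleted"} and len(procs) == 1:
            # Created and removed by the same process: scratch space, not a
            # dropped payload. The report's two file signatures reduce to this.
            out.append(("temp-file", f"{path} by {next(iter(procs))}"))
        elif "created" in kinds:
            out.append(("file-left-behind", path))
    for method, path, host, ua in rep["http"]:
        if ua and ua.startswith("Microsoft-CryptoAPI") and path.endswith(".crl"):
            # Revocation-list download by the OS certificate chain engine.
            out.append(("crl-fetch", f"{host}{path}"))
        else:
            out.append(("http-request", f"{method} {host}{path}"))
    for ip, n in rep["no_dns"].most_common():
        # No DNS answer for this IP was seen in the capture: it may be
        # hard-coded, cached, or resolved outside the capture (e.g. DNS over
        # HTTPS), so it needs an out-of-band lookup, not an automatic verdict.
        out.append(("ip-without-dns", f"{ip} x{n}"))
    for ep, n in sorted(rep["tls"].items()):
        vers = "/".join(sorted(rep["tls_ver"][ep]))
        out.append(("tls-endpoint", f"{ep} x{n} {vers}"))
    return out


def iocs(rep):
    """Network indicators to pivot on: queried names plus every remote IP."""
    ips = set(rep["no_dns"]) | {ep.split(":")[0] for ep in rep["tls"]}
    return sorted(rep["dns"]), sorted(ips)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for kind, detail in triage(report):
        print(f"{kind:16} {detail}")
    domains, ips = iocs(report)
    print("domains:", ", ".join(domains))
    print("ips:", ", ".join(ips))
```

Feed it the full signature list instead of the sample and the counts per IP and per TLS endpoint replace the repeated lines above. The "ip-without-dns" finding is deliberately left as a lookup task: the signature only says no DNS answer for that IP was observed in the capture, which is not evidence of malice on its own.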