Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:23:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:23:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:23:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:23:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 14 11:23:50 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |  |
| Chrome Cache Entry: 100 | ASCII text, with very long lines (65536), with no line terminators | dropped |  |
| Chrome Cache Entry: 101 | ASCII text, with very long lines (5317), with no line terminators | downloaded |  |
| Chrome Cache Entry: 77 | SVG Scalable Vector Graphics image | dropped |  |
| Chrome Cache Entry: 78 | ASCII text, with very long lines (32755) | downloaded |  |
| Chrome Cache Entry: 79 | HTML document, ASCII text, with very long lines (2441) | downloaded |  |
| Chrome Cache Entry: 80 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded |  |
| Chrome Cache Entry: 81 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded |  |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (65536), with no line terminators | downloaded |  |
| Chrome Cache Entry: 83 | ASCII text, with very long lines (32761) | dropped |  |
| Chrome Cache Entry: 84 | SVG Scalable Vector Graphics image | downloaded |  |
| Chrome Cache Entry: 85 | ASCII text, with no line terminators | dropped |  |
| Chrome Cache Entry: 86 | ASCII text, with very long lines (21066) | downloaded |  |
| Chrome Cache Entry: 87 | ASCII text, with very long lines (32755) | dropped |  |
| Chrome Cache Entry: 88 | JSON data | dropped |  |
| Chrome Cache Entry: 89 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded |  |
| Chrome Cache Entry: 90 | JSON data | downloaded |  |
| Chrome Cache Entry: 91 | ASCII text, with very long lines (32761) | downloaded |  |
| Chrome Cache Entry: 92 | ASCII text, with very long lines (3138) | dropped |  |
| Chrome Cache Entry: 93 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded |  |
| Chrome Cache Entry: 94 | ASCII text, with very long lines (5317), with no line terminators | dropped |  |
| Chrome Cache Entry: 95 | ASCII text, with no line terminators | downloaded |  |
| Chrome Cache Entry: 96 | ASCII text, with no line terminators | downloaded |  |
| Chrome Cache Entry: 97 | ASCII text, with very long lines (3138) | downloaded |  |
| Chrome Cache Entry: 98 | ASCII text, with very long lines (21066) | dropped |  |
| Chrome Cache Entry: 99 | HTML document, ASCII text, with very long lines (1345) | downloaded |  |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |  |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1988,i,8019242351754674372,2817484678432438620,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |  |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php" |  |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |  |
| https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html | 54.246.177.143 |  |
| https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728908633201 | 52.30.138.159 |  |
| https://finaltestwebsite.duckdns.org/favicon.ico | 20.79.155.225 |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/sendQuestion.php | 20.79.155.225 |  |
| https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= | 91.228.74.159 |  |
| https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID | 37.252.172.123 |  |
| https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=finaltestwebsite.duckdns.org&ttd_tpi=1 | 15.197.193.217 |  |
| https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=03635110260801712893650420016188954397&gdpr=0&gdpr_consent= | 3.71.149.231 |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/50805f331bb1b697aafb6f0c28b09212.woff2 | 20.79.155.225 |  |
| https://dp2.33across.com/ps/?pid=897&random=1951281916 | 67.202.105.24 |  |
| https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDM2MzUxMTAyNjA4MDE3MTI4OTM2NTA0MjAwMTYxODg5NTQzOTc= | 216.58.212.130 |  |
| https://navdmp.com/req?adID=03635110260801712893650420016188954397 | 104.17.207.250 |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html | 18.245.45.39 |  |
| https://scotiabank.demdex.net/dest5.html?d_nsid=0 | 52.212.141.180 |  |
| https://dpm.demdex.net/ibs:dpid=269&dpuuid=4e2b670d-0d5f-4f00-8b2b-1c58f943140a&ddsuuid=03635110260801712893650420016188954397 | 34.249.54.253 |  |
| https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDM2MzUxMTAyNjA4MDE3MTI4OTM2NTA0MjAwMTYxODg5NTQzOTc=&google_tc= | 216.58.212.130 |  |
| https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.js | unknown |  |
| https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID | 37.252.172.123 |  |
| https://somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=05836762597736714354592040515544431119&ts=1728908635140 | 63.140.62.27 |  |
| https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=X8TqpVmX7PZEy-jzUJX3ol3FvKVEl-P5CssIKu3j | 34.249.54.253 |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80&e=v | 18.245.45.132 |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js? | 18.245.45.132 |  |
| https://ps.eyeota.net/match/bounce/?bid=6j5b2cv&uid=03635110260801712893650420016188954397&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D | 3.124.210.90 |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/ScotiaBank/processing.php |  |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf?e=v | 18.245.45.132 |  |
| https://cdn.navdmp.com/req?adID=03635110260801712893650420016188954397 | 104.17.32.124 |  |
| https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.js | unknown |  |
| https://dpm.demdex.net/ibs:dpid=903&dpuuid=44dccae9-58e1-4362-856c-6011fe7d2977 | 34.249.54.253 |  |
| https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zw0NXQAAALDG_QN6 | 52.30.138.159 |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js | 18.245.45.132 |  |
| https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_Acti | unknown |  |
| https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEMVEKhwStg4n4JHmW4v_d-U&google_cver=1?gdpr=0&gdpr_consent= | 34.249.54.253 |  |
| https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=finaltestwebsite.duckdns.org&ttd_tpi=1 | 15.197.193.217 |  |
| https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3647700221894852617 | 34.249.54.253 |  |
| https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5124322334059176849 | 34.249.54.253 |  |
| https://dpm.demdex.net/ibs:dpid=601&dpuuid=212835409369910&random=1728908642 | 34.249.54.253 |  |
| https://dlslhpkfqfglo.cloudfront.net/cdn/cd/l?e=v | 18.245.45.132 |  |
| https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=03635110260801712893650420016188954397&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d03635110260801712893650420016188954397 | 74.121.140.211 |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/ses/SendLogin.php | 20.79.155.225 |  |
| https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728908633201 | 52.30.138.159 |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/8fd30bd010d9e2c7677ec339685f958b.woff | 20.79.155.225 |  |
| https://analytics.twitter.com/i/adsct?p_user_id=03635110260801712893650420016188954397&p_id=38594 | 104.244.42.195 |  |
| https://ps.eyeota.net/match?bid=6j5b2cv&uid=03635110260801712893650420016188954397&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D | 3.124.210.90 |  |
| https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] | 34.117.77.79 |  |
| https://dpm.demdex.net/ibs:dpid=358&dpuuid=6353118923408845119 | 34.249.54.253 |  |
Domains

| Name | IP | Malicious |
|---|---|---|
| finaltestwebsite.duckdns.org | 20.79.155.225 |  |
| ups.analytics.yahoo.com | unknown |  |
| cm.everesttech.net | unknown |  |
| scotiabank.demdex.net | unknown |  |
| somniture.scotiabank.com | unknown |  |
| ads.scorecardresearch.com | unknown |  |
| auth.scotiaonline.scotiabank.com | unknown |  |
| dpm.demdex.net | unknown |  |
| analytics.twitter.com | unknown |  |
| csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com | unknown |  |
| cms.quantserve.com | unknown |  |
| cms.analytics.yahoo.com | unknown |  |
| dmtags.scotiabank.com | unknown |  |
| sync.mathtag.com | unknown |  |
| ib.adnxs.com | unknown |  |
| p.rfihub.com | unknown |  |
| navdmp.com | 104.17.207.250 |  |
| cdn.navdmp.com | 104.17.32.124 |  |
| pixel-origin.mathtag.com | 74.121.140.211 |  |
| posa-extalb-prod-eu-751772683.eu-west-1.elb.amazonaws.com | 54.246.177.143 |  |
| s.twitter.com | 104.244.42.195 |  |
| global.px.quantserve.com | 91.228.74.159 |  |
| dp2.33across.com | 67.202.105.24 |  |
| scotiabank.com.ssl.sc.omtrdc.net | 63.140.62.27 |  |
| ps.eyeota.net | 3.124.210.90 |  |
| dlslhpkfqfglo.cloudfront.net | 18.245.45.132 |  |
| ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | 3.71.149.231 |  |
| d1tcwf12y4kqv3.cloudfront.net | 18.244.18.32 |  |
| cm.g.doubleclick.net | 216.58.212.130 |  |
| www.google.com | 142.250.186.36 |  |
| ml314.com | 34.117.77.79 |  |
| dcs-ups.g03.yahoodns.net | 87.248.119.251 |  |
| dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | 52.30.138.159 |  |
| ib.anycast.adnxs.com | 37.252.172.123 |  |
| match.adsrvr.org | 15.197.193.217 |  |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 20.79.155.225 | finaltestwebsite.duckdns.org | United States |  |
| 18.245.45.39 | unknown | United States |  |
| 67.202.105.24 | dp2.33across.com | United States |  |
| 52.30.138.159 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | United States |  |
| 3.71.149.231 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | United States |  |
| 192.168.2.8 | unknown | unknown |  |
| 192.168.2.16 | unknown | unknown |  |
| 104.17.32.124 | cdn.navdmp.com | United States |  |
| 63.140.62.27 | scotiabank.com.ssl.sc.omtrdc.net | United States |  |
| 104.17.207.250 | navdmp.com | United States |  |
| 192.168.2.5 | unknown | unknown |  |
| 15.197.193.217 | match.adsrvr.org | United States |  |
| 87.248.119.251 | dcs-ups.g03.yahoodns.net | United Kingdom |  |
| 37.252.172.123 | ib.anycast.adnxs.com | European Union |  |
| 3.124.210.90 | ps.eyeota.net | United States |  |
| 216.58.212.130 | cm.g.doubleclick.net | United States |  |
| 34.117.77.79 | ml314.com | United States |  |
| 142.250.186.36 | www.google.com | United States |  |
| 18.245.45.132 | dlslhpkfqfglo.cloudfront.net | United States |  |
| 74.121.140.211 | pixel-origin.mathtag.com | United States |  |
| 18.244.18.32 | d1tcwf12y4kqv3.cloudfront.net | United States |  |
| 104.17.64.124 | unknown | United States |  |
| 104.244.42.3 | unknown | United States |  |
| 52.212.141.180 | unknown | United States |  |
| 104.244.42.195 | s.twitter.com | United States |  |
| 52.48.180.95 | unknown | United States |  |
| 34.249.54.253 | unknown | United States |  |
| 239.255.255.250 | unknown | Reserved |  |
| 91.228.74.159 | global.px.quantserve.com | United Kingdom |  |
| 54.246.177.143 | posa-extalb-prod-eu-751772683.eu-west-1.elb.amazonaws.com | United States |  |
DOM / HTML

| URL | Malicious |
|---|---|
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/index.php |  |
| https://finaltestwebsite.duckdns.org/UpdateVerifyPrss!/ScotiaBank/processing.php |  |