Windows Analysis Report
https://my.norton.com/extspa/llonboard/idv/form2

Overview

General Information

Sample URL: https://my.norton.com/extspa/llonboard/idv/form2
Analysis ID: 1541107
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: symantec!mboxSession=eeb7662070774edca038572e87dc71ba; symantec!mboxPC=eeb7662070774edca038572e87dc71ba.37_0
Source: global traffic HTTP traffic detected: GET /error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763; dpm=87432529198126374650360190330118866763
Source: global traffic HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /action/0?ti=5441611&Ver=2&mid=8c334c8f-32ac-4c88-b600-ee9d8553bcf6&bo=1&sid=40e9d39091f311ef95348b02c946a95b&vid=40ea030091f311ef84760da8773eaf28&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Norton%20-%20My%20Subscription&p=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&r=&lt=8208&evt=pageLoad&sv=1&cdb=AQAQ&rn=227139 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: my.norton.com
Source: global traffic DNS traffic detected: DNS query: webapps.norton.com
Source: global traffic DNS traffic detected: DNS query: static.nortoncdn.com
Source: global traffic DNS traffic detected: DNS query: nexus.ensighten.com
Source: global traffic DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic DNS traffic detected: DNS query: www.nortonlifelock.com
Source: global traffic DNS traffic detected: DNS query: symantec.demdex.net
Source: global traffic DNS traffic detected: DNS query: symantec.tt.omtrdc.net
Source: global traffic DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic DNS traffic detected: DNS query: oms.norton.com
Source: chromecache_126.2.dr, chromecache_133.2.dr String found in binary or memory: https://assets.adobedtm.com/launch-EN1cc7556280444b10a3c687a73ed01baa.js
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_134.2.dr String found in binary or memory: https://getbootstrap.com)
Source: chromecache_134.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_116.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_116.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_124.2.dr, chromecache_111.2.dr String found in binary or memory: https://static.nortoncdn.com/static/nmpcdn/static/nmp2024.3.20.989/dist/llonboard/norton/
Source: chromecache_116.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_130.2.dr, chromecache_116.2.dr, chromecache_99.2.dr, chromecache_118.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_130.2.dr, chromecache_116.2.dr String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__.
Source: chromecache_99.2.dr, chromecache_118.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__en.js
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2
Source: classification engine Classification label: clean0.win@17/77@46/15
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://my.norton.com/extspa/llonboard/idv/form2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs