IOC Report
https://my.norton.com/extspa/llonboard/idv/form2

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 101
JSON data
dropped
Chrome Cache Entry: 102
ASCII text, with very long lines (62896)
downloaded
Chrome Cache Entry: 103
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 104
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 105
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 106
Web Open Font Format (Version 2), TrueType, length 227180, version 1.0
downloaded
Chrome Cache Entry: 107
MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel
downloaded
Chrome Cache Entry: 108
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 109
HTML document, ASCII text, with very long lines (2316), with no line terminators
downloaded
Chrome Cache Entry: 110
JSON data
downloaded
Chrome Cache Entry: 111
ASCII text, with very long lines (1574), with CRLF line terminators
dropped
Chrome Cache Entry: 112
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 113
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 114
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 115
JSON data
dropped
Chrome Cache Entry: 116
ASCII text, with very long lines (715)
dropped
Chrome Cache Entry: 117
JSON data
downloaded
Chrome Cache Entry: 118
ASCII text, with very long lines (1497), with no line terminators
downloaded
Chrome Cache Entry: 119
ASCII text, with very long lines (527)
downloaded
Chrome Cache Entry: 120
MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel
dropped
Chrome Cache Entry: 121
HTML document, ASCII text, with very long lines (2316), with no line terminators
dropped
Chrome Cache Entry: 122
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 123
Unicode text, UTF-8 text, with very long lines (32054)
downloaded
Chrome Cache Entry: 124
ASCII text, with very long lines (1574), with CRLF line terminators
downloaded
Chrome Cache Entry: 125
ASCII text, with very long lines (520)
dropped
Chrome Cache Entry: 126
ASCII text, with very long lines (32764)
dropped
Chrome Cache Entry: 127
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
dropped
Chrome Cache Entry: 128
ASCII text, with very long lines (527)
dropped
Chrome Cache Entry: 129
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 130
ASCII text, with very long lines (715)
downloaded
Chrome Cache Entry: 131
Unicode text, UTF-8 text, with very long lines (51384), with no line terminators
downloaded
Chrome Cache Entry: 132
ASCII text, with very long lines (520)
downloaded
Chrome Cache Entry: 133
ASCII text, with very long lines (32764)
downloaded
Chrome Cache Entry: 134
ASCII text, with very long lines (20467), with CRLF line terminators
downloaded
Chrome Cache Entry: 135
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 136
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 137
ASCII text, with very long lines (62896)
dropped
Chrome Cache Entry: 138
Web Open Font Format (Version 2), TrueType, length 227180, version 1.0
downloaded
Chrome Cache Entry: 93
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 94
ASCII text, with very long lines (10139)
downloaded
Chrome Cache Entry: 95
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 96
ASCII text, with very long lines (579)
dropped
Chrome Cache Entry: 97
ASCII text, with very long lines (579)
downloaded
Chrome Cache Entry: 98
Unicode text, UTF-8 text, with very long lines (32054)
dropped
Chrome Cache Entry: 99
ASCII text, with very long lines (1497), with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://my.norton.com/extspa/llonboard/idv/form2"

URLs

Name
IP
Malicious
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/llVerify
https://nexus.ensighten.com/symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2
65.9.66.72
https://assets.adobedtm.com/launch-EN1cc7556280444b10a3c687a73ed01baa.js
unknown
https://nexus.ensighten.com/symantec/cp1/Bootstrap.js
65.9.66.72
https://developers.google.com/recaptcha/docs/faq#localhost_support
unknown
https://support.google.com/recaptcha#6262736
unknown
https://cloud.google.com/recaptcha-enterprise/billing-information
unknown
https://nexus.ensighten.com/error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError
65.9.66.72
https://recaptcha.net
unknown
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179
52.214.221.135
https://static.nortoncdn.com/static/nmpcdn/static/nmp2024.3.20.989/dist/llonboard/norton/
unknown
https://oms.norton.com/b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1
63.140.62.222
https://support.google.com/recaptcha/?hl=en#6223828
unknown
https://cloud.google.com/contact
unknown
https://symantec.demdex.net/dest5.html?d_nsid=0
52.17.240.122
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
unknown
https://nexus.ensighten.com/symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js
65.9.66.72
https://getbootstrap.com)
unknown
https://my.norton.com/extspa/llonboard/idv/form2
https://support.google.com/recaptcha/#6175971
unknown
https://www.gstatic.c..?/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__.
unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://www.google.com/recaptcha/api2/
unknown
https://nexus.ensighten.com/symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130
65.9.66.72
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx
52.214.221.135
https://support.google.com/recaptcha
unknown

Domains

Name
IP
Malicious
adobetarget.data.adobedc.net
66.235.152.225
d2pz9khpjpljz2.cloudfront.net
65.9.66.72
ax-0001.ax-dc-msedge.net
150.171.29.10
norton.com.ssl.sc.omtrdc.net
63.140.62.222
www.google.com
142.250.185.132
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com
52.214.221.135
ax-0001.ax-msedge.net
150.171.28.10
fp2e7a.wpc.phicdn.net
192.229.221.95
symantec.tt.omtrdc.net
unknown
oms.norton.com
unknown
assets.adobedtm.com
unknown
www.nortonlifelock.com
unknown
my.norton.com
unknown
webapps.norton.com
unknown
dpm.demdex.net
unknown
cm.everesttech.net
unknown
nexus.ensighten.com
unknown
symantec.demdex.net
unknown
static.nortoncdn.com
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.8
unknown
unknown
52.17.240.122
unknown
United States
52.208.241.210
unknown
United States
66.235.152.225
adobetarget.data.adobedc.net
United States
63.140.62.222
norton.com.ssl.sc.omtrdc.net
United States
65.9.66.72
d2pz9khpjpljz2.cloudfront.net
United States
150.171.28.10
ax-0001.ax-msedge.net
United States
65.9.66.103
unknown
United States
142.250.186.36
unknown
United States
142.250.185.132
www.google.com
United States
63.140.62.17
unknown
United States
239.255.255.250
unknown
Reserved
150.171.29.10
ax-0001.ax-dc-msedge.net
United States
142.250.186.164
unknown
United States
52.214.221.135
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com
United States

DOM / HTML

URL
Malicious
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/form2
https://my.norton.com/extspa/llonboard/idv/llVerify
https://my.norton.com/extspa/llonboard/idv/llVerify