Thursday, May 18, 2017

My results of POC Stealing Windows Credentials Using Google Chrome

I was reading an article written by Bosko Stankovic from DefenseCode titled "Stealing Windows Credentials Using Google Chrome", and in it he had a POC that in theory could lead the Chrome web browser to download malicious code, and simply opening the folder would lead to running the malicious code.

In his article he stated that Chrome gave no warning that something was being downloaded. In my case I was warned, so I sent him an email with my results. The strange thing is that in his email it seems we are running the same version of Chrome: Version 58.0.3029.110 (64-bit).

Here are my results:


Highlighting the text and selecting "go to page" results:



I have made a video of my results.




Note: My poor old laptop is very slow.
Note 2: Sorry about having to use Flash; I don't think I have any control over the format of video used.

Two links to the author's website with different results than mine.

Sunday, May 14, 2017

May 14 IPs that my router does not like

Update to my router log 05/14/2017
I wonder if any of these IPs are related to the ransomware attacks.


Update:
June 2 2017





