URL: | http://jdsports.top/ |
Full analysis: | https://app.any.run/tasks/39aa15d2-1837-43be-b0bd-6708b64fb2f4 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2019, 18:12:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 54E6BFEEB2462A08EAC8DB2E15424CCE |
SHA1: | D2838E5B5818473E78296538CFA566FE2AADC487 |
SHA256: | 44925C56A65C91CB7E136741169AD818188BA08BB9571277312A4CDBD5F2A682 |
SSDEEP: | 3:N1KUgVMwQgn:CUov |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2984 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3280 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2884 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71938 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2760 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71939 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
4048 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71940 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jdsports_top[1].txt | — | |
MD5:— | SHA256:— | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stylesheet_select_popup[1].css | text | |
MD5:915F779982573421343F4D78735AAC7F | SHA256:DB554D36F8B62DF5F880D235D01183DDB53D12FD273268BFA0C63BD2AD0FE56A | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\stylesheet_css_buttons[1].css | text | |
MD5:2B43C5405A583CCC26C735A8A0C73B65 | SHA256:F6205680EDE12D120A99E66448B68438CAFDC200ADA324EF14A12451B6090EDC | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\stylesheet_productupdates[1].css | text | |
MD5:666D49D8649FAE80BDC7DC01A6B3C7D6 | SHA256:D84E98BF39118D1DDE7441FC4C3FC054C874E491EDF892E09F62390CB582019E | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\stylesheet_slider[1].css | text | |
MD5:9FDE55290BC21D5C14F9402FE9ECEC2A | SHA256:60050AA6F2ABE6B74E95FC6606A23DA2284193B9D7E5F1FE5F55C90BC5F09147 | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jscript_jquery-touchslider[1].js | text | |
MD5:B1C97732FCFA3BE6457C0B2320B01A97 | SHA256:F50C4BD617A6AB13114B502942580804630D54DBF84B48AD4D60F32728F8738C | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\stylesheet_cart_header[1].css | text | |
MD5:C7AF725CE3DB549F0C123E6B47EEBCB8 | SHA256:2230DC3C3E53321D9738060D44014C60BA1AAD66270AA2BFA222A2A4D0AD8CF4 | |||
3280 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\jscript_z_swipe[1].js | text | |
MD5:6602F65AFB8906A18006E242E424AFE1 | SHA256:92B2679C6216C4022071F5D00A397AC99B98BE7E7FD47C14FB1492F916E4CFFD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_css_buttons.css | US | text | 1.22 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/ | US | html | 9.86 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_cart_header.css | US | text | 571 b | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet.css | US | text | 10.2 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_categories_menu.css | US | text | 1.08 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_znew.css | US | text | 1016 b | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_productupdates.css | US | text | 24.9 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/jscript/jscript_xcategories.js | US | text | 1003 b | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_select_popup.css | US | text | 9.85 Kb | suspicious |
3280 | iexplore.exe | GET | 200 | 104.233.213.89:80 | http://jdsports.top/includes/templates/N_Shoes_mobile/css/stylesheet_slider.css | US | text | 1.42 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2984 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3280 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious |
3280 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown |
3280 | iexplore.exe | 183.131.207.78:80 | ia.51.la | DaLi | CN | suspicious |
2984 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious |
3280 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
2884 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown |
2884 | iexplore.exe | 31.13.90.6:443 | connect.facebook.net | Facebook, Inc. | IE | whitelisted |
2884 | iexplore.exe | 104.233.213.89:80 | jdsports.top | PEG TECH INC | US | suspicious |
2760 | iexplore.exe | 220.243.212.50:443 | js.users.51.la | QUANTIL, INC | CN | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
jdsports.top |
| suspicious |
js.users.51.la |
| whitelisted |
connect.facebook.net |
| whitelisted |
ia.51.la |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
3280 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
2884 | iexplore.exe | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |