download: | index.html |
Full analysis: | https://app.any.run/tasks/d11575e6-59a1-4432-9002-4dda2a1de18a |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 06:33:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/html |
File info: | HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators |
MD5: | 2DE089163FF2F89EA894DA84ECC16EF0 |
SHA1: | EF6A220F3200B4612AEA16D2CA8F97E52AFEAD32 |
SHA256: | 604B1F50E619C316985A70D660295BE3835C155A81DB8222C5B481F2B302F458 |
SSDEEP: | 384:KPzucrqowWl7QjDgFjoxi8n3/GPJaO2cKj:fajoxiEsaOlKj |
.txt | | | Text - UTF-8 encoded (100) |
---|
HTTPEquivXUACompatible: | IE=edge |
---|---|
ContentType: | text/html; charset=UTF-8 |
Description: | youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub |
Keywords: | Unblock YouTube grants you access to any blocked web page. This site is compatible with YouTube Videos and has servers located in Europe.,youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub |
Title: | Unblock YouTube grants you access to any blocked web page. This site is compatible with YouTube Videos and has servers located in Europe.youtube,youtube music,unblock youtube,youtube videos,youtube to mp3,youtube songs,youtube movies,youtube music videos,youtube proxy,youtube broadcast yourself,listen to youtube,youtube broadcast,utube,youtub |
alexaVerifyID: | fSWVak30jpQ63Nap7Sg7C4QUhc8 |
viewport: | width=device-width, initial-scale=1, maximum-scale=1 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2464 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2144 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2464 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
552 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2464 CREDAT:203009 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
4088 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Version: 26,0,0,131 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2464 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2464 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\bootstrap[1].css | text | |
MD5:5CDDE728ED9268DD1266453A548B03A8 | SHA256:7648BE07FF9FB3EF0CAF50027419BC8A0EDBF0E2EF1AF3A0B5DE520F14704442 | |||
2464 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\StructuredQuery.log | text | |
MD5:120EB0D608FBCB300873985E3A68AE62 | SHA256:55E0F865C39F93BDDC6D895086BBD9AC2DB56589B270ABFFA33EF49527CD461A | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\jquery-ui[1].css | text | |
MD5:69C5D597F54236958C504088FA1C4F9C | SHA256:5C1B0496A851F2D0FECD978C46949D2C4C8A1806F43C70097785458CD1DA9FF3 | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\application[1].js | text | |
MD5:A4A4A8D805B868598E3AED208154677D | SHA256:90DE614EA109FD0EFD8A4A3C870686EC78DE0A50837731D992BDA445E5AB4D9C | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\s[1].js | text | |
MD5:0678130915A269ABACE9528D54499E7E | SHA256:992A590A3EA614A8B6CCD0433782753C3C13CE08727AE2FAED3A68A9DB2C9B57 | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\app[1].css | text | |
MD5:1111F554B9BC1B06EF432176F141DD01 | SHA256:0EC874F24035B35318DAE69A39866E7759555ECBEED596CB6F071BA3B30CD944 | |||
2144 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\upload_video[1].css | text | |
MD5:C17996DCF65C4A65DB22B3BF38E8AED5 | SHA256:FDA610D8C0847A6D7CCCBA517667E5D3DB7F9F057FBC92B0809B7C72F29612C8 | |||
552 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@vidco[1].txt | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/themes/ytspace/upload_video.css | US | text | 203 b | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/s.js | US | text | 990 b | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/app.css | US | text | 13.0 Kb | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/bootstrap.css | US | text | 20.2 Kb | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/bootstrap.js | US | text | 13.3 Kb | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/application.js | US | text | 1.53 Kb | suspicious |
552 | iexplore.exe | GET | 200 | 172.217.16.138:80 | http://ajax.googleapis.com/ajax/libs/jqueryui/1/jquery-ui.min.js | US | text | 60.0 Kb | whitelisted |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/jquery.min.js | US | text | 32.3 Kb | suspicious |
2144 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/css/jquery-ui.css?v=1.2 | US | text | 6.03 Kb | suspicious |
552 | iexplore.exe | GET | 200 | 104.27.153.110:80 | http://vidco.su/static/js/s.js | US | text | 990 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 209.197.3.15:139 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
2464 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2144 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared |
2144 | iexplore.exe | 172.217.16.138:80 | ajax.googleapis.com | Google Inc. | US | whitelisted |
552 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared |
4 | System | 209.197.3.15:445 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
— | — | 172.217.16.138:80 | ajax.googleapis.com | Google Inc. | US | whitelisted |
552 | iexplore.exe | 209.197.3.15:80 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
552 | iexplore.exe | 172.217.16.200:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2464 | iexplore.exe | 104.27.153.110:80 | vidco.su | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
maxcdn.bootstrapcdn.com |
| whitelisted |
vidco.su |
| suspicious |
ajax.googleapis.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
cdnjs.cloudflare.com |
| whitelisted |
oss.maxcdn.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
pariwiki.com.ph |
| unknown |
dns.msftncsi.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
2144 | iexplore.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |