URL: | http://ncaasoccerageny.com |
Full analysis: | https://app.any.run/tasks/7d8d61f3-69da-4cf5-bd48-3b2a9067f99e |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 20:33:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 1EA2504460CEE4AE80161769A14AFDFC |
SHA1: | 2D0F357D1F54B8CB3C62F125961A1C069AEE8C3C |
SHA256: | 72CFF0B2E3786A6BA9111318C70B9DD75695A61EF631BEA1559D5CF59FC03552 |
SSDEEP: | 3:N1KQeRyrAL6GKI:CQegUL6K |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1516 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3004 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1516 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1516 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1516 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:BD5A4A1A788E206742A211026E797577 | SHA256:78FA48FF0A0D3B0D9B72AEA6B8215495AB799332607428B8931C5AFCB3C30B4F | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:C55EC8C5D87EC81C6412AB211635B582 | SHA256:FEF2AF7A4E63D23DCEFF1A951B411AA625615E213F988D8B36284E3E66CC58A0 | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ATO8RXTA\iframe[1].htm | html | |
MD5:295FECF5E5022E9D9D2FAB3CC206E229 | SHA256:FFFA480CF4F718789B6771AA6A0BF2D4AC9EB156DD4AAD8A354524CC6704189E | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:31BDDDCE2F5716DD1A98D539F47D92C9 | SHA256:97914E8950874E78970A26A1080D4EC4F09FA9AE6440172A66FD4A4C42996944 | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BEJ9V7FI\style_namecheap[1].css | text | |
MD5:FCFBF44DB7A3ECA961510E9DF77868BF | SHA256:8CF5887217A8A780E49A5C6CE3773C70E79B33429212EF3325D8F6E0094A0899 | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@google[2].txt | — | |
MD5:— | SHA256:— | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ATO8RXTA\ads[1].txt | — | |
MD5:— | SHA256:— | |||
3004 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SCEK3V2A\style[1].css | text | |
MD5:96F84D0985AF87B4D4F6AE8816F9C5C5 | SHA256:93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3004 | iexplore.exe | GET | 200 | 13.32.158.173:80 | http://i.cdnpark.com/themes/assets/style.css | US | text | 343 b | whitelisted |
3004 | iexplore.exe | GET | 200 | 198.54.117.218:80 | http://www.ncaasoccerageny.com/ | US | html | 4.98 Kb | malicious |
1516 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1516 | iexplore.exe | GET | — | 198.54.117.218:80 | http://www.ncaasoccerageny.com/favicon.ico | US | — | — | malicious |
3004 | iexplore.exe | GET | 302 | 192.64.119.42:80 | http://ncaasoccerageny.com/ | US | html | 54 b | suspicious |
3004 | iexplore.exe | GET | 200 | 172.217.16.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 54.9 Kb | whitelisted |
3004 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.ncaasoccerageny.com&_t=1571085245456 | DE | html | 2.48 Kb | whitelisted |
3004 | iexplore.exe | GET | 200 | 13.32.158.173:80 | http://i.cdnpark.com/themes/registrar/style_namecheap.css | US | text | 1.73 Kb | whitelisted |
3004 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js | DE | text | 2.92 Kb | whitelisted |
3004 | iexplore.exe | GET | 200 | 13.32.158.173:80 | http://i.cdnpark.com/themes/registrar/images/logo_namecheap.png | US | image | 4.80 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3004 | iexplore.exe | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
3004 | iexplore.exe | 198.54.117.218:80 | www.ncaasoccerageny.com | Namecheap, Inc. | US | malicious |
— | — | 192.64.119.42:80 | ncaasoccerageny.com | Namecheap, Inc. | US | suspicious |
3004 | iexplore.exe | 13.32.158.173:80 | i.cdnpark.com | Amazon.com, Inc. | US | whitelisted |
1516 | iexplore.exe | 198.54.117.218:80 | www.ncaasoccerageny.com | Namecheap, Inc. | US | malicious |
3004 | iexplore.exe | 172.217.16.195:80 | www.gstatic.com | Google Inc. | US | whitelisted |
— | — | 172.217.16.132:443 | www.google.com | Google Inc. | US | whitelisted |
3004 | iexplore.exe | 172.217.16.132:80 | www.google.com | Google Inc. | US | whitelisted |
3004 | iexplore.exe | 172.217.16.132:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
ncaasoccerageny.com |
| suspicious |
www.ncaasoccerageny.com |
| malicious |
i.cdnpark.com |
| whitelisted |
parkingcrew.net |
| whitelisted |
www.google.com |
| whitelisted |
js.parkingcrew.net |
| whitelisted |
www.gstatic.com |
| whitelisted |