URL: | http://ncaasoccerplayerageny.com |
Full analysis: | https://app.any.run/tasks/b9be7386-1d3f-4003-8064-866bcd6526b5 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 20:14:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4F583B78E38E049DFD120A0EB33149AA |
SHA1: | 72366428BCAEB7896B1A2A6D6E99B04D6783DE79 |
SHA256: | 85F522BC6C178A6560E3EFAC14780DE19A74DFB779E72336A8101734283F7D79 |
SSDEEP: | 3:N1KQeRyR6GKI:CQegR6K |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2168 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1152 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2168 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2168 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:0A116BFD8181B4567B4061095BC99614 | SHA256:AAF0D89D48D0A112C9686DC9B7735C35E917B64DF4C1264B1D1A4C6B8B5CD200 | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:8B019B3627C2CD174A230B331F853E56 | SHA256:19F0839922460EAA87433CA44E4CEEAB5FAAAEE9DCC1794EC0ADF52584D0CFC5 | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\desktop.ini | ini | |
MD5:4A3DEB274BB5F0212C2419D3D8D08612 | SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38 | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PYVHCLIN\style[1].css | text | |
MD5:96F84D0985AF87B4D4F6AE8816F9C5C5 | SHA256:93A1109ADA0CD55DEDEAF7E9C4251A7F91AC3C3E1AB85E25E37B6CD4E47D504B | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GXEYTUHT\caf[1].js | text | |
MD5:BF0FB0E5EEDE0D518963E4C319F98113 | SHA256:C9F620EE86C31C07C60F98AAA3A8AD3030C1C2552C28D6E02667E298573E5902 | |||
2168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101420191015\index.dat | dat | |
MD5:89849E26AEB06ECF55ABFD800FEACC3C | SHA256:2BBF0B1A7C9D60720535CAA0AD6B7029B9E3011C86C11867B235E3D28A3C7C4E | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VUEIFWU\jsparkcaf[1].php | html | |
MD5:BCD123998957F283546AE72DB1B82AEB | SHA256:A585BAE47948C8FB9DC5CBFA126AAB64C5CE631CBC8B2196561E593892251F26 | |||
1152 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019101420191015\index.dat | dat | |
MD5:BCFB90D67394BC8EDF033588739CE41C | SHA256:E8737324E52AD8B05846971FB598D4F6FFA88CF5E239E3F60A3B8BD0E8C18AF8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1152 | iexplore.exe | GET | 200 | 13.35.253.54:80 | http://i.cdnpark.com/themes/assets/style.css | US | text | 343 b | whitelisted |
1152 | iexplore.exe | GET | 200 | 185.53.179.29:80 | http://parkingcrew.net/jsparkcaf.php?regcn=243142&_v=2&_h=www.ncaasoccerplayerageny.com&_t=1571084136780 | DE | html | 2.50 Kb | whitelisted |
2168 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
1152 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://js.parkingcrew.net/assets/scripts/registrar-caf/243142.js | DE | text | 2.92 Kb | whitelisted |
2168 | iexplore.exe | GET | — | 198.54.117.216:80 | http://www.ncaasoccerplayerageny.com/favicon.ico | US | — | — | malicious |
1152 | iexplore.exe | GET | 200 | 13.35.253.54:80 | http://i.cdnpark.com/themes/registrar/style_namecheap.css | US | text | 1.73 Kb | whitelisted |
1152 | iexplore.exe | GET | 200 | 172.217.16.132:80 | http://www.google.com/adsense/domains/caf.js | US | text | 54.9 Kb | whitelisted |
1152 | iexplore.exe | GET | 200 | 198.54.117.211:80 | http://www.ncaasoccerplayerageny.com/ | US | html | 4.99 Kb | malicious |
1152 | iexplore.exe | GET | 302 | 192.64.119.43:80 | http://ncaasoccerplayerageny.com/ | US | html | 60 b | suspicious |
1152 | iexplore.exe | GET | 200 | 185.53.178.30:80 | http://js.parkingcrew.net/assets/scripts/jsparkcaf.js | DE | text | 5.51 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2168 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1152 | iexplore.exe | 198.54.117.216:80 | www.ncaasoccerplayerageny.com | Namecheap, Inc. | US | malicious |
1152 | iexplore.exe | 192.64.119.43:80 | ncaasoccerplayerageny.com | Namecheap, Inc. | US | suspicious |
1152 | iexplore.exe | 198.54.117.211:80 | www.ncaasoccerplayerageny.com | Namecheap, Inc. | US | malicious |
1152 | iexplore.exe | 13.35.253.54:80 | i.cdnpark.com | — | US | unknown |
2168 | iexplore.exe | 198.54.117.216:80 | www.ncaasoccerplayerageny.com | Namecheap, Inc. | US | malicious |
— | — | 185.53.179.29:80 | parkingcrew.net | Team Internet AG | DE | malicious |
1152 | iexplore.exe | 172.217.16.132:80 | www.google.com | Google Inc. | US | whitelisted |
1152 | iexplore.exe | 172.217.22.67:80 | www.gstatic.com | Google Inc. | US | whitelisted |
— | — | 13.35.253.54:80 | i.cdnpark.com | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
ncaasoccerplayerageny.com |
| suspicious |
www.ncaasoccerplayerageny.com |
| malicious |
dns.msftncsi.com |
| shared |
i.cdnpark.com |
| whitelisted |
parkingcrew.net |
| whitelisted |
www.google.com |
| whitelisted |
js.parkingcrew.net |
| whitelisted |
www.gstatic.com |
| whitelisted |