URL: http://www.sports-stream.link/
Full analysis: https://app.any.run/tasks/7abbb44e-9a0d-41d8-98c0-c7f3bb829fd3
Verdict: Malicious activity
Analysis date: October 19, 2020, 21:16:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MD5: 987A36310FEF118B32436EB8F7D9AA19
SHA1: E51D6DB3DD39EDC23DCB6F7AECE5903981FB566A
SHA256: 8A0396E8A00586D6DEBD44DDD74B1AD929EDA04F43DE819B1B23461904697A53
SSDEEP: 3:N1KJS4geEOK:Cc4geK

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---|---|---|---|---
2836 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.sports-stream.link/ | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
2540 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\logo3[1].png | image | 9A5DBB301BF6B4C3A9D48A9E52809ECA | EEA4DA6EA2F9948D0F5DFEEAAB8ED515DF525D1F67265815A27F8DDCD5748CE7
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\personal2[1].css | text | A666517B8F697CEA9835C9A4FB8D2956 | BD201EE4828B07F7899D09166F114CD223BFA9B79D6FF6990DA0BD3DA06F2259
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Sky_Sports_Main_Event[1].png | image | 3488F9079CA6805B90C19E32C6484239 | 7A02766D4B57C32250F7481AA00528459FE4F7E50582CE04A7C9DA1FB35DFF94
2540 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXQ2ZX2T.txt | text | 0978DCA90B91048081ACEF02452D0CF8 | 0877BB30B1A96AE1375CE321FF7EDA5363244F986AD0C7D5198FFB582D10F2F5
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\Sky_Sports_Football[1].png | image | 74A0DEABA9CAEA2D41D2084672A726A8 | F5C4BD661A832892815C68853A5D2C3432B1B87243FF2AA1D768D8BB0BF747D5
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\Sky_Sports_Cricket[1].png | image | 4F7D75C813968B7C054411939BF0BA75 | F564D64141BF7AFBB2247FFB036F951FECE2A48A2EBF442308845FF43F8C3ABE
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | 1F45DD8D51ABED0ECABD55BFF8EEA081 | BBC9F83DDDD80AFE4613F30EC715023897B7F42B96EB6294F64D87A4E98787AB
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\BT_Sport_2[1].png | image | 4AC5918D199878C9C2B6BB4515340F70 | 2DA24437D68338C77999CB798A35B79D594427CCCB455AF6FB8343CA4F5B9750
2540 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\Sky_Sports_Golf[1].png | image | 4B0DC3AE1A89E13118374D59F5153AE6 | B7A690361F1EE834E09A85E8DFF91D3F536AA62B3D41AFE6D6E4CB6DA1390489
2540 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQ6LE2S0.txt | — | — | —

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/Sky_Sports_Premier_League.png | US | image | 13.9 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/fundo.jpg | US | image | 335 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/Sky_Sports_Action.png | US | image | 12.2 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/batmanw.png | US | image | 21.9 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/Sky_Sports_Football.png | US | image | 11.5 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/ | US | html | 4.09 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo3.png | US | image | 10.4 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/BT_Sport_1.png | US | image | 3.78 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/Sky_Sports_F1.png | US | image | 12.5 Kb | suspicious |
2540 | iexplore.exe | GET | 200 | 104.28.24.166:80 | http://www.sports-stream.link/logo/BT_Sport_2.png | US | image | 3.99 Kb | suspicious |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2540 | iexplore.exe | 46.105.201.240:80 | s10.histats.com | OVH SAS | FR | suspicious |
2540 | iexplore.exe | 185.60.216.35:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
2540 | iexplore.exe | 185.60.216.35:80 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
2540 | iexplore.exe | 104.28.24.166:80 | www.sports-stream.link | Cloudflare Inc | US | suspicious |
2540 | iexplore.exe | 158.69.251.190:443 | s4.histats.com | OVH SAS | CA | unknown |
2540 | iexplore.exe | 208.93.230.22:443 | st.chatango.com | Chatango LLC | US | suspicious |
2540 | iexplore.exe | 208.93.230.22:80 | st.chatango.com | Chatango LLC | US | suspicious |
2540 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2540 | iexplore.exe | 195.138.255.24:80 | isrg.trustid.ocsp.identrust.com | AS33891 Netzbetrieb GmbH | DE | whitelisted |

Domain | IP | Reputation
---|---|---
www.sports-stream.link | | suspicious
st.chatango.com | | whitelisted
s10.histats.com | | whitelisted
www.facebook.com | | whitelisted
api.bing.com | | whitelisted
www.bing.com | | whitelisted
s4.histats.com | | whitelisted
ocsp.digicert.com | | whitelisted
isrg.trustid.ocsp.identrust.com | | whitelisted
ocsp.int-x3.letsencrypt.org | | whitelisted