Field | Value
---|---
URL | http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm
Full analysis | https://app.any.run/tasks/3035b71d-2ac3-41e2-b940-53a0809b45e5
Verdict | Malicious activity
Analysis date | March 01, 2024, 08:50:31
OS | Ubuntu 22.04.2
MD5 | EB5A9B88465B8D84300BF0C5F0E21D4D
SHA1 | 24C7B94E52CBAB0EDA51DC3FCCF59DCA83133EF0
SHA256 | F719BA2610C722FDF5F8D6321782AFC34F37E8BE2B451B5DCD80D53BDA956268
SSDEEP | 3:N1KyImARs9vZKLvSC2ebwOWVXCcnAekVZVRynCHiCNGI:Ch3QxXwciFCm
PID | CMD | Path | Indicators | User | Exit code | Parent process
---|---|---|---|---|---|---
9301 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome \"http://4itailer\.net/__media__/js/netsoltrademark\.php?d=dinhphanadvertising\.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm\" " | /bin/sh | — | root | — | any-guest-agent
9302 | sudo -iu user google-chrome http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm | /usr/bin/sudo | — | root | — | sh
9303 | /usr/bin/google-chrome http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm | /opt/google/chrome/chrome | — | user | — | sudo
9304 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | user | 0 | chrome
9305 | readlink -f /usr/bin/google-chrome | /usr/bin/readlink | — | user | 0 | chrome
9306 | dirname /opt/google/chrome/google-chrome | /usr/bin/dirname | — | user | 0 | chrome
9307 | mkdir -p /home/user/.local/share/applications | /usr/bin/mkdir | — | user | 0 | chrome
9308 | cat | /usr/bin/cat | — | user | — | chrome
9309 | cat | /usr/bin/cat | — | user | — | chrome
9310 | /opt/google/chrome/chrome | — | — | user | 0 | chrome

Integrity level is reported as UNKNOWN for every process; it is a Windows mandatory-integrity concept and has no meaning on this Ubuntu guest. PIDs 9301 to 9303 are the sandbox harness starting the browser (any-guest-agent runs as root, drops to the unprivileged `user` account with `sudo -iu user`, then launches google-chrome), and PIDs 9304 to 9310 are the google-chrome wrapper script's normal startup helpers (locale check, resolving its own install path, creating the desktop-entry directory) followed by the main browser process. None of the process activity is attributable to the analyzed URL.
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
9303 | chrome | /9303/fd/63 | — | — | —
9303 | chrome | /home/user/.config/google-chrome/BrowserMetrics/BrowserMetrics-65E196DF-2457.pma | — | — | —
9303 | chrome | /.com.google.Chrome.fRHYNw | — | — | —
9303 | chrome | /.com.google.Chrome.JCkhhG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/Site Characteristics Database/LOG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/Local Storage/leveldb/LOG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/commerce_subscription_db/LOG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/discounts_db/LOG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/parcel_tracking_db/LOG | — | — | —
9303 | chrome | /home/user/.config/google-chrome/Default/chrome_cart_db/LOG | — | — | —

No hashes were recorded. Every entry is a file Chrome writes for itself at startup (profile LevelDB logs, a metrics .pma file, temporary files), not content saved from the analyzed URL.
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
— | — | GET | 204 | 185.125.190.48:80 | http://connectivity-check.ubuntu.com/ | unknown | — | — | unknown
— | — | GET | 204 | 172.217.23.110:80 | http://translate.google.com/gen204?nca=te_li&client=te_lib&logld=vTE_20240227 | unknown | — | — | unknown
— | — | GET | 200 | 208.91.196.253:80 | http://nine.cdn-image.com/__media__/pics/451/netsol-logo.jpg | unknown | image | 909 B | unknown
— | — | GET | 200 | 208.91.197.27:80 | http://4itailer.net/__media__/js/netsoltrademark.php?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F%3Elam+bang+quang+cao+tphcm | unknown | html | 4.02 KB | unknown
— | — | GET | 404 | 208.91.197.27:80 | http://4itailer.net/favicon.ico | unknown | text | 10 B | unknown
— | — | GET | 204 | 172.217.23.110:80 | http://translate.google.com/gen204?sl=auto&tl=ru&textlen=69&ttt=196&ttl=124&ttf=57&sr=1&nca=te_time&client=te_lib&logld=vTE_20240227 | unknown | — | — | unknown
— | — | GET | 204 | 172.217.23.110:80 | http://translate.google.com/gen204?sl=auto&tl=en&textlen=69&ttt=129&ttl=124&ttf=57&sr=1&nca=te_time&client=te_lib&logld=vTE_20240227 | unknown | — | — | unknown
— | — | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j7jnmf4vvrqt45d3wjkzh7zvem_2024.2.28.0/niikhdgajlphfehepabhhblakbdgeefj_2024.02.28.00_all_adx2g6em3a55tnq4qwtbhclqp3uq.crx3 | unknown | binary | 5.83 KB | unknown
— | — | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/diffgen-puffin/lmelglejhemejginpboagddgdfbepgmp/1.08e537cf045b43746488f2574b7b0b80add005f2cf6a4e690906e41b95c11591/1.1c9ef13b7a63abd8f89d0cbad98858b9e8f54fc3951160950403c72b45812d07/6ae8fdcf08abf7b8a462fc3920cb10b2dc3e94dfba24f013af9b19549fd8b744.puff | unknown | binary | 2.25 KB | unknown
— | — | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhno7gzgrjscufs6lncwmnfyp5a_8574/hfnkpimlhhgieaddgfemjhofmfblmnib_8574_all_dlmv7r3ezjl533ex3tiokuxvli.crx3 | unknown | binary | 26.2 KB | unknown
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 185.125.190.48:80 | — | Canonical Group Limited | GB | unknown |
— | — | 91.189.91.96:80 | — | Canonical Group Limited | US | unknown |
— | — | 239.255.255.250:1900 | — | — | — | unknown |
— | — | 142.250.186.35:443 | clientservices.googleapis.com | GOOGLE | US | unknown |
— | — | 66.102.1.84:443 | accounts.google.com | GOOGLE | US | unknown |
— | — | 208.91.197.27:443 | 4itailer.net | CONFLUENCE-NETWORK-INC | VG | unknown |
— | — | 208.91.197.27:80 | 4itailer.net | CONFLUENCE-NETWORK-INC | VG | unknown |
— | — | 208.91.196.253:80 | nine.cdn-image.com | CONFLUENCE-NETWORK-INC | VG | unknown |
— | — | 172.217.16.196:443 | www.google.com | — | — | unknown |
Domain | IP | Reputation
---|---|---
clientservices.googleapis.com | — | whitelisted
accounts.google.com | — | shared
4itailer.net | — | unknown
nine.cdn-image.com | — | unknown
193.100.168.192.in-addr.arpa | — | unknown
www.google.com | — | whitelisted
update.googleapis.com | — | whitelisted
optimizationguide-pa.googleapis.com | — | whitelisted
www.networksolutions.com | — | whitelisted
dinhphanadvertising.com | — | unknown
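Reading the three network tables together (this note and the script below are added here and are not part of the ANY.RUN report): the submitted URL is a `netsoltrademark.php?d=` link, and the 4.02 KB HTML it returned pulled the Network Solutions logo from nine.cdn-image.com and triggered a lookup of www.networksolutions.com, which is consistent with a Network Solutions parked-domain landing page rather than a payload. The `d=` parameter names dinhphanadvertising.com; that domain appears in the DNS table but in no HTTP request, so the browser never followed the link during the run. The `>lam+bang+quang+cao+tphcm` tail of the URL (sent as `%3E...` on the wire) is not part of the target path; it reads like anchor text that was concatenated onto an href when the link was scraped. The 193.100.168.192.in-addr.arpa query is a reverse lookup of 192.168.100.193, a private address inside the sandbox network. The Python below, written for this page using only the standard library, decodes the `d=` parameter the same way the browser's percent-decoding did, turns the PTR name back into an address, and cross-checks which resolved names were never requested over HTTP. The log rows embedded in it are transcribed from the tables above (constructed sample input); nothing is fetched from the network.

```python
# Added triage example for the report above. Not ANY.RUN code and not part of the
# original report. Standard library only; the HTTP_LOG and DNS_QUERIES rows are
# transcribed from the report's tables (constructed sample input, not a live capture).
import ipaddress
from urllib.parse import parse_qs, urlsplit

# The URL as submitted (report header). The on-wire form in the HTTP table differs
# only in that the browser encoded the literal '>' as %3E.
SUBMITTED_URL = (
    "http://4itailer.net/__media__/js/netsoltrademark.php"
    "?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F>lam+bang+quang+cao+tphcm"
)

# (method, status, ip:port, url) rows copied from the HTTP table.
HTTP_LOG = [
    ("GET", 204, "185.125.190.48:80", "http://connectivity-check.ubuntu.com/"),
    ("GET", 200, "208.91.196.253:80",
     "http://nine.cdn-image.com/__media__/pics/451/netsol-logo.jpg"),
    ("GET", 200, "208.91.197.27:80",
     "http://4itailer.net/__media__/js/netsoltrademark.php"
     "?d=dinhphanadvertising.com%2Flam-bang-hieu-tphcm%2F%3Elam+bang+quang+cao+tphcm"),
    ("GET", 404, "208.91.197.27:80", "http://4itailer.net/favicon.ico"),
]

# Names from the DNS table (Google update/telemetry hosts left out for brevity).
DNS_QUERIES = [
    "4itailer.net",
    "nine.cdn-image.com",
    "193.100.168.192.in-addr.arpa",
    "www.networksolutions.com",
    "dinhphanadvertising.com",
]


def redirect_target(url):
    """Decode the parked page's d= parameter.

    Returns the host and path the parked page links to, plus any text glued
    onto the parameter after a literal '>' (scraped anchor text, not link).
    Works on both the submitted form and the %3E-encoded wire form, because
    parse_qs percent-decodes the value and turns '+' into spaces.
    """
    query = urlsplit(url).query
    d = parse_qs(query, keep_blank_values=True).get("d", [""])[0]
    link, _, anchor = d.partition(">")
    if "://" not in link:          # d= carries a bare host/path, no scheme
        link = "http://" + link
    parts = urlsplit(link)
    return {
        "host": parts.hostname or "",
        "path": parts.path,
        "anchor_text": anchor.strip(),
    }


def ptr_to_ip(name):
    """Turn an IPv4 reverse-lookup name (d.c.b.a.in-addr.arpa) back into a.b.c.d.

    Returns None for anything that is not a well-formed IPv4 PTR name.
    """
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None


def unfetched_domains(http_log, dns_queries):
    """Names that were resolved but never appear as the host of an HTTP request.

    PTR names are skipped: they are lookups of addresses, not of sites.
    """
    fetched = {urlsplit(url).hostname for _, _, _, url in http_log}
    return sorted(
        name for name in dns_queries
        if not name.endswith(".in-addr.arpa") and name not in fetched
    )


def target_was_fetched(url, http_log):
    """True if any HTTP request in the log went to the d= target host."""
    host = redirect_target(url)["host"]
    return any(urlsplit(u).hostname == host for _, _, _, u in http_log)


if __name__ == "__main__":
    print("d= target:", redirect_target(SUBMITTED_URL))
    print("PTR decodes to:", ptr_to_ip("193.100.168.192.in-addr.arpa"))
    print("resolved but never fetched:", unfetched_domains(HTTP_LOG, DNS_QUERIES))
    print("d= target fetched during run:", target_was_fetched(SUBMITTED_URL, HTTP_LOG))
```

`redirect_target` gives the same answer for the submitted URL and for the `%3E` form in the HTTP table, which is the check to make before treating the two as different indicators; `unfetched_domains` is the quick way to confirm that the link target and www.networksolutions.com were only resolved, never requested, in this run.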