Source: Information-Account-Prime-Disable-Service.pdf | Joe Sandbox ML: detected |
Source: https://ykm.de/register.html | HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&h=280&adk=3088186576&adf=3175363789&pi=t.aa~a.1255761255~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1610417349&rafmt=1&to=qs&pwprc=4778228967&psa=1&format=1200x280&url=https%3A%2F%2Fykm.de%2Fregister.html&flash=29.0.0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1610417348788&bpp=10&bdt=515&idt=314&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&prev_fmts=0x0&nras=1&correlator=6343227133430&frm=20&pv=1&ga_vid=2041299598.1610417313&ga_sid=1610417349&ga_hid=488988360&ga_fc=0&u_tz=-480&u_his=4&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=32&ady=85&biw=1263&bih=906&scr_x=0&scr_y=0&eid=21068769%2C21068945&oid=3&pvsid=387605769970244&pem=30&rx=0&eae=0&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=1&ifi=1&uci=a!1&xpc=hZWRzNH2jw&p=https%3A//ykm.de&dtd=400 |
Source: https://ykm.de/register.html | HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&adk=1812271804&adf=3025194257&lmt=1610417349&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fykm.de%2Fregister.html&ea=0&flash=29.0.0&pra=5&wgl=1&dt=1610417348751&bpp=37&bdt=482&idt=181&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&nras=1&correlator=6343227133430&frm=20&pv=2&ga_vid=2041299598.1610417313&ga_sid=1610417349&ga_hid=488988360&ga_fc=1&u_tz=-480&u_his=4&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=-12245933&ady=-12245933&biw=1263&bih=906&scr_x=0&scr_y=0&eid=21068769%2C21068945&oid=3&pvsid=387605769970244&pem=30&rx=0&eae=2&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=1&ifi=0&uci=a!0&dtd=341 |
Source: https://ykm.de/register.html | HTTP Parser: Iframe src: https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html |
Source: https://ykm.de/register.html | HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html# |
Source: https://ykm.de/member_login.html | HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&adk=1812271804&adf=3025194257&lmt=1610417363&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fykm.de%2Fmember_login.html&ea=0&flash=29.0.0&pra=5&wgl=1&dt=1610417362885&bpp=27&bdt=546&idt=197&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&nras=1&correlator=3237432082960&frm=20&pv=2&ga_vid=2041299598.1610417313&ga_sid=1610417363&ga_hid=40148678&ga_fc=1&u_tz=-480&u_his=8&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=-12245933&ady=-12245933&biw=1280&bih=906&scr_x=0&scr_y=0&eid=21068083%2C21068769%2C21069109&oid=3&pvsid=3325573467270068&pem=30&rx=0&eae=2&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=1&ifi=0&uci=a!0&dtd=278 |
Source: https://ykm.de/member_login.html | HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html# |
Source: https://ykm.de/register.html | HTTP Parser: Title: Register - YKM.de Quickly Shorten Url does not match URL |
Source: https://ykm.de/member_login.html | HTTP Parser: Title: Login - YKM.de Quickly Shorten Url does not match URL |
Source: https://ykm.de/register.html | HTTP Parser: No <meta name="author".. found |
Source: https://ykm.de/member_login.html | HTTP Parser: No <meta name="author".. found |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll |
Source: Joe Sandbox View | IP Address: 172.217.22.194 |
Source: Joe Sandbox View | IP Address: 74.114.154.21 |
Source: Joe Sandbox View | IP Address: 172.217.23.2 |
Source: Joe Sandbox View | JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c |
Source: msapplication.xml0.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe65086e6,0x01d6e887</date><accdate>0xe65086e6,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: msapplication.xml0.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe65086e6,0x01d6e887</date><accdate>0xe652e959,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: msapplication.xml5.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe657adeb,0x01d6e887</date><accdate>0xe657adeb,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
Source: msapplication.xml5.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe657adeb,0x01d6e887</date><accdate>0xe657adeb,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
Source: msapplication.xml7.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe65a1083,0x01d6e887</date><accdate>0xe65a1083,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
Source: msapplication.xml7.23.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe65a1083,0x01d6e887</date><accdate>0xe65a1083,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
Source: index[2].htm.24.dr | String found in binary or memory: s (pt)", "admin":"Admin", "ban_type":"Ban Type", "plugin_title":"plugin title", "directory_name":"directory name", "installed":"installed?", "faq_page_content":"<div> <h4>How can my site benefit from using shortened urls?</h4> Shorten long urls such as:<br/><br/> <pre>http://maps.google.co.uk/maps?oe=utf-8&client=firefox-a&rlz=1R1GGLL_en-GB___GB423&um=1&ie=UTF-8&q=google+maps+big+ben<br/>&fb=1&gl=uk&hq=google+maps+big+ben&hnear=google+maps+big+ben&cid=0,0,7629721680134612<br/>123&ei=AukATpvoBpDA8QPaq4mzDQ&sa=X&oi=local_result&ct=image&resnum=1&ved=0CCAQnwIwAA</pre> <br/> Into a shorter version such as:<br/><br/> <pre><a href=\"http://[[[_CONFIG_SITE_FULL_URL]]]\">http://[[[_CONFIG_SITE_FULL_URL]]]/a</a></pre> <br/> Then post to Twitter, Facebook, send via email, use on your existing website, advertising, affiliate links, the uses are endless. <hr> </div> <div> <h4>How can I view how many visitors have clicked on my short url?</h4> You can see details stats including unique visitors, visiting countries, browsers and more by adding <code>~s</code> onto the end of your short url. <hr> </div> <div> <h4>Can I automatically expire my urls after x clicks?</h4> Yes. When you create the url, you can specify a \'total uses\' value which only allows the short url to be used this amount of times. The url will be expired after the total visits reaches this value. <hr> </div> <div> <h4>Can I protect my short with a password?</h4> Yes. When creating the url, specify a password within the \'password\' input. The visitor will be prompted to enter the password when the visit the url. <hr> </div> <div> <h4>How many urls can I create?</h4> There are no limits on the amount of urls you can create. <hr> </div> <div> <h4>What are the benefits of registering an account?</h4> View and manage all your short urls in one place. Easily view your url statistics and share your urls through social media. 
<hr> </div>", "terms_page_name":"Terms", "terms_meta_description":"Terms", "terms_meta_keywords":"terms", "terms_page_content":"<ol><li>Users of this website (Users) agree to be bound by these terms and conditions, which are subject |