Analysis Report http://covid19-explorer.org

Overview

General Information

Sample URL: http://covid19-explorer.org
Analysis ID: 376194

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates a big amount of memory (probably used for heap spraying)

Classification

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 52.4.17.40:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.4.17.40:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.230.114.89:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 54.230.114.89:443 -> 192.168.2.3:49707 version: TLS 1.2

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe Memory has grown: Private usage: 0MB later: 127MB
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: covid19-explorer.org
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Host: covid19-explorer.org
  Connection: Keep-Alive
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: <button id="facebook_share" type="button" class="btn btn-default action-button" onclick="window.open(&#39;https://www.facebook.com/sharer/sharer.php?u=http://covid19-explorer.org&#39;)"> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6bd38270,0x01d721fc</date><accdate>0x6bd38270,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6bd38270,0x01d721fc</date><accdate>0x6bd38270,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6bd84728,0x01d721fc</date><accdate>0x6bd84728,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6bd84728,0x01d721fc</date><accdate>0x6bd84728,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6bdaa988,0x01d721fc</date><accdate>0x6bdaa988,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6bdaa988,0x01d721fc</date><accdate>0x6bdaa988,0x01d721fc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: covid19-explorer.org
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Thu, 25 Mar 2021 20:56:15 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Vary: Accept-Encoding,User-Agent
  Content-Encoding: gzip
  Content-Length: 857
  Keep-Alive: timeout=5
  Content-Type: text/html
  (gzip-compressed response body omitted)
Source: ~DF8B7BF7AF18EDBAD0.TMP.1.dr, excess-mortality-explorer[1].htm.2.dr String found in binary or memory: http://covid19-explorer.org/
Source: {91642A52-8DEF-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: http://covid19-explorer.org/Root
Source: ~DF8B7BF7AF18EDBAD0.TMP.1.dr String found in binary or memory: http://covid19-explorer.org/Z
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: http://covid19-explorer.org/methodology/
Source: {91642A52-8DEF-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: http://covid19-explorer.org/r.org/Root
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: http://faculty.umb.edu/liam.revell/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: http://getbootstrap.com)
Source: sockjs-0.3.min[1].js.2.dr String found in binary or memory: http://sockjs.org
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: http://www.aidanlister.com/2014/03/persisting-the-tab-state-in-bootstrap/
Source: msapplication.xml.1.dr String found in binary or memory: http://www.amazon.com/
Source: selectize.bootstrap3[1].css.2.dr, TeX-AMS-MML_HTMLorMML[1].js.2.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr String found in binary or memory: http://www.live.com/
Source: TeX-AMS-MML_HTMLorMML[1].js.2.dr String found in binary or memory: http://www.mathjax.org
Source: msapplication.xml3.1.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr String found in binary or memory: http://www.youtube.com/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://consultqd.clevelandclinic.org/the-weekend-effect-and-covid-19-mortality/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://covid19-explorer.org
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://covid19-explorer.org/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://covid19-explorer.org/methodology/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://data.cdc.gov/Case-Surveillance/United-States-COVID-19-Cases-and-Deaths-by-State-o/9mfq-cb36
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://data.cdc.gov/NCHS/Provisional-COVID-19-Death-Counts-by-Sex-Age-and-W/vsak-wrfu
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://data.cdc.gov/NCHS/Weekly-Counts-of-Deaths-by-State-and-Select-Causes/3yf8-kanr
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://data.cdc.gov/NCHS/Weekly-Counts-of-Deaths-by-State-and-Select-Causes/muzy-jte6
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://data.cdc.gov/NCHS/Weekly-counts-of-deaths-by-jurisdiction-and-age-gr/y5bj-9g5w
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1038/d41586-020-03132-4
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1038/d41586-020-03141-3
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1038/s41467-020-18272-4
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1038/s41467-020-19509-y
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1101/2020.04.18.20070912
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1101/2021.02.15.21251782
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://doi.org/10.1136/bmj.m4509
Source: fa-brands-400[1].eot.2.dr, v4-shims.min[1].css.2.dr String found in binary or memory: https://fontawesome.com
Source: v4-shims.min[1].css.2.dr String found in binary or memory: https://fontawesome.com/license/free
Source: fa-brands-400[1].eot.2.dr, fa-regular-400[1].eot.2.dr, fa-solid-900[1].eot.2.dr String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: bootstrap.min[1].js.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: ion.rangeSlider[1].css.2.dr String found in binary or memory: https://github.com/IonDen
Source: ion.rangeSlider[1].css.2.dr String found in binary or memory: https://github.com/guybowden
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://github.com/liamrevell/covid19.Explorer/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://github.com/scottjehl/Respond/blob/master/LICENSE-MIT
Source: selectize.min[1].js.2.dr String found in binary or memory: https://github.com/selectize/selectize.js
Source: bootstrap.min[1].css.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://mathjax.rstudio.com/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML
Source: ~DF8B7BF7AF18EDBAD0.TMP.1.dr, 6UCIMJHW.htm.2.dr String found in binary or memory: https://phytools.shinyapps.io/excess-mortality-explorer/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://shiny.rstudio.com/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://twitter.com/intent/tweet?text=Check%20out%20this%20cool%20COVID-19%20app:&amp;url=http://cov
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://wonder.cdc.gov/population-projections-2014-2060.html
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.cdc.gov/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.cdc.gov/library/covid19/092220_covidupdate.html
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.cdc.gov/nchs/index.htm
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.cdc.gov/nchs/nvss/vsrr/covid19/tech_notes.htm
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.census.gov/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.census.gov/data/datasets/time-series/demo/popest/2010s-state-total.html
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.mlive.com/public-interest/2020/12/covid-19-numbers-in-michigan-and-ohio-rose-in-lockstep
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.r-project.org/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.worldometers.info/coronavirus/country/australia/
Source: excess-mortality-explorer[1].htm.2.dr String found in binary or memory: https://www.worldometers.info/world-population/us-population/
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: classification engine Classification label: clean0.win@3/47@4/4
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF7BCFAD982F369F5C.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3120 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: sockjs-0.3.min[1].js.2.dr Binary or memory string: Copyright (c) 2011-2012 VMware, Inc.
Behavior Graph (ID: 376194, URL: http://covid19-explorer.org, Startdate: 25/03/2021, Architecture: WINDOWS, Score: 0)

  Process: iexplore.exe (2 created registry values, 84 created files)
    -> child process: iexplore.exe (3 created registry values, 69 created files)
  Created file: favicon.ico
  DNS/IP: covid19-explorer.org 148.72.88.30, port 80 (local ports 49702, 49703), AS-26496-GO-DADDY-COM-LLCUS, United States
  DNS/IP: phytools.shinyapps.io 52.4.17.40, port 443 (local ports 49705, 49706), AMAZON-AESUS, United States
  2 other IPs or domains

Contacted Public IPs

IP              Domain                  Country         ASN    ASN Name                      Malicious
148.72.88.30    covid19-explorer.org    United States   26496  AS-26496-GO-DADDY-COM-LLCUS   false
52.4.17.40      phytools.shinyapps.io   United States   14618  AMAZON-AESUS                  false
54.230.114.89   mathjax.rstudio.com     United States   16509  AMAZON-02US                   false

Private IP: 192.168.2.1

Contacted Domains

Name                     IP              Active
phytools.shinyapps.io    52.4.17.40      true
mathjax.rstudio.com      54.230.114.89   true
covid19-explorer.org     148.72.88.30    true
favicon.ico              unknown         unknown