ZeroCERT Team

Report

Result
Link
Whois
Reference

*Date : 2018.10.14 20:54
*Site : https://openload.co/embed/h1BU0jHhWrI
*Title :
*Info : 104.16.165.50, US(, United States)
*Check url : 82 counts
*Loading time : 30.802613sec
*Reference
  - MANGOSCAN : not found
  - VIRUSTOTAL : URL Hash not found, FILE Hash not found
  - Google SafeBrowsing(GSB) : openload.co is not found
*Result
(1) Suspicious url(NULL) - 14count
(2) user cookie check - 8count
(3) user information check - 4count
(4) user cookie check - 3count
(5) user information check - 2count
(6) Suspicious script has been detected (jjencode) - 1count
(7) http://xml.explorads.com/click?i=NkmfYfY2rrs_0&exo_cid=2363378 - 1count
(8) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2 - 1count
(9) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI - 1count
(10) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI&tested=2 - 1count
(11) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1 - 1count
(12) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI - 1count
(13) http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI&tested=2 - 1count
(14) http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var= - 1count
(15) http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var=1607709 - 1count
(16) http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var=1569540 - 1count
(17) Suspicious script has been detected (http://) - 1count

Public Link : http://zerocert.org/?code=682018e3b269523db43bf29049b1bff98d74856c7ccab9faff42c191d63cbfb9

*Latest detected Domain

이 사이트는 최근 90일 동안 악성URL 삽입된 적이 없습니다.
이 사이트는 최근 90일 동안 악성코드 중개 역할한 적이 없습니다.
이 사이트는 최근 90일 동안 악성코드를 유포한 적이 없습니다.
Relation domain not found
Relation ip not found
same Domain not found
same IP not found
same IP bands not found
same ASN not found

https://openload.co/embed/h1BU0jHhWrI
    -> Suspicious script has been detected (jjencode)
    -> user information check
    -> user cookie check
  [script(*)] http://yuanaayutyd.com/
    -> Suspicious url(NULL)
  [script(*)] http://yuanaayutyd.com/0625a.aspx?84785&427b7=direct&siteId=2542514&6beed=0.0&d51c3=10&de60f=http://35.193.89.147/MTUzOTU0MTcwMS8xNTQxMTA4NTAyLzE1Mzk1NzY1OTg=&a67e9&de0ed=  -> Offline
  [ajax] https://tt2.openload.co/r3/f
    -> Suspicious url(NULL)
  [ajax] https://tt1.openload.co/r3/f
    -> Suspicious url(NULL)
  [script] https://serve.popads.net/checkInventory.php?r=
  [script] https://openload.co/cdn-cgi/apps/head/iM7qibkyd7spQaxqjP8uExWFQxY.js
  [script] https://openload.co/assets/js/jquery.min.js
  [script] https://openload.co/assets/js/videojs-ie8.min.3.js
  [script] https://openload.co/assets/js/script.2823.js
  [script] https://openload.co/assets/js/license.19.js
  [script] https://openload.co/advert2.js
  [script] https://openload.co/assets/js/video-js/video.js.openload.js
  [script] https://openload.co/assets/js/video.min.3.js
    -> user information check
  [script] https://openload.co/assets/js/video-js/vast4/videojs_5.vast.vpaid.min.js
    -> user information check
    [swf] https://openload.co/assets/js/video-js/vast4/|
    [swf] https://openload.co/assets/js/video-js/vast4/VPAIDFlash.swf
    [script] http://www.w3.org/1999/xhtml
  [script] https://openload.co/assets/js/video-js/videojs.hotkeys.min.js
  [script] https://openload.co/assets/js/video-js/video.js.ol21.js
  [script] http://yuanaayutyd.com/0625a.aspx?84785&427b7=direct&siteId=2542514&6beed=0.0&d51c3=10&de60f=http%3A%2F%2F35.193.89.147%2FMTUzOTU0MTcwMS8xNTQxMTA4NTAyLzE1Mzk1NzY1OTg%3D&a67e9&de0ed=  -> Offline
  [script] http://jf71qh5v14.com/s92ybphmjn?key=50500f0de4b9e2713c0547f6a62d7845&psid=
    -> user cookie check
  [script] http://jf71qh5v14.com/6rpck7aq?key=3a8bdb21f33f3d0a89784bcebeb9303f&psid=
    -> user cookie check
  [script] http://jf71qh5v14.com/cqx9is90?key=c8f2b52a8a6bed4efa8bf1011a17dcf8&psid=
    -> user cookie check
  [script] http://constintptr.com/1675303/
    -> user information check
    [script] http://www.w3.org/1999/html
  [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1 -> Malware url
    -> user cookie check
    [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI&tested=2 -> Malware url
      -> Suspicious url(NULL)
      [Location] http://xml.explorads.com/click?i=NkmfYfY2rrs_0&exo_cid=2363378 -> Malware url
        -> Suspicious url(NULL)
        [Location] http://xml.pdn-1.com/redirect?feed=109291&auth=WTnlA6&subid=86013_117850_124796_2792946&url=http%3A%2F%2Fsyndication.exdynsrv.com%2Fsplash.php%3Fidzone%3D2792946%26type%3D8%26sub%3D1%26p%3Dhttps%253A%252F%252Fopenload.co%252Fembed%252Fh1BU0jHhWrI%26tested%3D2&query=
          -> Suspicious url(NULL)
    [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=1&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI -> Malware url
      -> user cookie check
  [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2 -> Malware url
    -> user cookie check
    [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI&tested=2 -> Malware url
      -> Suspicious url(NULL)
      [Location] http://hahatv3.co.kr
        [script] http://www.full.co.kr/evt/haha4&a
          -> Suspicious url(NULL)
          [Location] http://www.full.co.kr/live/play?D*FznyIGvifZL!=3028918
            -> Suspicious script has been detected (http://)
            [script] https://www.googletagmanager.com/gtag/js?id=UA-92415004-1
            [script] http://dcache.full.co.kr/heart/w/5?t=04c7171af4a1cf74ab9bdb8ba44d061c
            [script] http://dcache.full.co.kr/heart/w/10?t=81a89f204410bd3f760e100b314897f3
            [script] http://dcache.full.co.kr/heart/w/100?t=48195497cc3507eea47547054776c0eb
            [script] http://dcache.full.co.kr/heart/w/200?t=3d7a757cd70508a8908762171cffbafd
            [script] http://dcache.full.co.kr/heart/w/300?t=c5596451358aff26c9bb21c343c4f754
            [script] http://dcache.full.co.kr/heart/w/500?t=6718dce210c6c7dfe8f655b5aa7bf40b
            [script] http://dcache.full.co.kr/heart/w/888?t=5de35cd310dc37576712bfd3189e8377
            [script] http://dcache.full.co.kr/heart/w/1000?t=1d68794080cce0c7c6a9ab3972ab653e
            [script] http://dcache.full.co.kr/user/8c0ae1607f750ceb768c3acab888ca057d2e9778/?ge=1
            [frame] http://www.full.co.kr/resource/advert/common
            [script] http://www.full.co.kr/resource/js/es6promise/es6-promise.auto.min.js?ver=ae29b45ebf4adc6e6a39bf9296abe66a
            [script] http://www.full.co.kr/resource/js/requirejs/require.js?ver=ae29b45ebf4adc6e6a39bf9296abe66a
            [script] http://www.full.co.kr/resource/js/requirejs/require-config.js?ver=ae29b45ebf4adc6e6a39bf9296abe66a
            [script] http://www.full.co.kr/resource/js/common.js?ver=ae29b45ebf4adc6e6a39bf9296abe66a
            [script] http://www.full.co.kr/resource/js/web/play.js?ver=ae29b45ebf4adc6e6a39bf9296abe66a
            [script] http://www.full.co.kr
            [script] http://icache.full.co.kr/favicon.ico
            [ascii] http://chatneolive.neofuture.kr -> Machine Zero:Suspicious URL?
    [script] http://syndication.exdynsrv.com/splash.php?idzone=2792946&type=8&sub=2&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI -> Malware url
      -> user cookie check
  [script] http://syndication.exosrv.com/splash.php?idzone=2792946&type=8&sub=5
    -> user cookie check
    [script] http://syndication.exosrv.com/splash.php?idzone=2792946&type=8&sub=5&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI&tested=2
      -> Suspicious url(NULL)
      [Location] http://eu.digitaldsp.com/api/submit_form_request?p=cd382c87b296f6ca61238b97c3fa0d084fc5ce4b&ts=1539517603&z=1607709&exo_cid=2062924
        [script] http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var=1607709 -> Malware url
          -> Suspicious url(NULL)
          [Location] https://reager30.com/?ba=1&dm=0&ep=1&fp=1&g=KR&i18db=1&l=2QgvXSFX9YHEXAV&s=75305030093123584&ssk=7e5369023e2806cd29906469a60a69e9&svar=1539517636.275&vi=1&vo=1&z=324329&tr=default&b=1497843&oaid=3db0228d235d6d2c6a045290cd1ad64a
            -> user information check
            [script] https://static.reager30.com/templates/_assets/sounds/female-warning/default.mp3
            [script] http://pushance.com/ntfc.php?zoneid=1731121&var=2QgvXSFX9YHEXAV
    [script] http://syndication.exosrv.com/splash.php?idzone=2792946&type=8&sub=5&p=https%3A%2F%2Fopenload.co%2Fembed%2Fh1BU0jHhWrI
      -> user cookie check
  [script] http://pop.bid/go/38636/424116
  [script] http://engine.spotscenered.info/link.engine?guid=e84dbe42-32fe-4143-9994-f0f18c8bdd07&Hardlink=true&time=0&CurrentUrl=
    [Location] https://engine.spotscenered.info/Redirect.eng?MediaSegmentId=0&TempMedia=zZPThBoOzAu-XJrTcmjY89-jX_06aGMMupCnqQTAfrvHqJq2XPJMN5muZqO4O7yED1lH_kveYSCX83W7Sr43tNB6fFJ7cYyzxvJiazc95u22_T-G-twvdGDb9w3TwEuoWfuNs4qxjvzwdntQnt8IzdGk3NVt3_PZgtoq0ihefnunBnvpcYWTA3H1BZBSLYeiAc0AXwtpxIpF24jFrnwHbAdXRTigim4BSnmPzghemZVVbY9kgqTcWnTGtTwaFF_UFfFZfVWMwgvuAfX0fToaTWf-cB5zNg4sKJ8hIO30Vty5fH4Q9-b9CgN78YCMqidSoydrHELJYaJdnqyViI8kMDo80mZVMAU8RbZEs4tJyd6146TMt-NHS6sfhfTe9VkE1OK898AqdT5NoDdg0bxkekiPlJKbf-v9hzdkcB1YPIisCblYLZlUbaV3XwwgCW2gSA5490i3451prqF9pj8GRDSUgEwd7EXVaYJrECI8P5D5rUKk1zbnWzY0wYGrWIV4ZKOtK2GFm7FH7moecYyX_9XtGa78-OLqCtuhq0KkMt48r9w41IVNqy9ZeeKQ0pBJd2jjA5vqf5lUbvIr1DzrxtxhVdSDeZUIXmvDJayiPsF-Dite3rN8Pb67ftejsmziBW2BMTdWuYrsu0cppkB1iACFH_JuTWVpwCflgtwXD2tqKRDWkCAPNhtYcmcLuQE1OtieTgM5PqNUN9lB8KhizZvTkJnnoVhX9t14YylWM9fOSsHFAgGbevWX2UBTjuAiEP0J8aqFaGDw8tdPTF3-AUHdwjpB5ZVX8-6tWo3By0OwyLBxEr_N2joRYBZSvTzBrxXfhGiEbsNTJc3oO9p6qOPBGNppVIc_EtBDg4mnB5MaEWC7316GDSU8WqLHUzuKZE4b92wYRf_gMqwA1kYUtHkdIBePm4YBWdOSVjl3eAE1&dcid=1_ctx_47f4d647-69cc-4864-8218-3d8e1c546b41&timeZoneOffset=
      [Location] http://eu.digitaldsp.com/api/submit_form_request?p=c415da15-d9e9-4438-b569-37e5bbeba431&ts=1539517745&z=1569540
        [script] http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var=1569540 -> Malware url
          -> Suspicious url(NULL)
          [Location] https://reager30.com/?ba=1&dm=1&ep=1&fp=0&g=KR&i18db=1&l=AwNZytsjX2QsFwJ&s=75305656948629504&ssk=d89c7d655831225248ccca0293897dbc&svar=1539517785.7241&vi=1&vo=1&z=324329&tr=default&b=1471146&oaid=d92cf054fc90a26bb342e7fcb6a4ea75
            -> user information check
            [script] https://static.reager30.com/templates/desktop-game/game-video-fon/js/js.js?v=3
            [script] https://static.reager30.com/templates/_assets/video-bg/vikings/vikings.mp4
            [script] https://static.reager30.com/templates/_assets/video-bg/vikings/vikings.ogv
            [script] https://static.reager30.com/templates/_assets/video-bg/vikings/vikings.webm
            [script] https://static.reager30.com/templates/desktop-game/game-video-fon/../../_assets/sounds/female-warning/default.mp3
            [script] https://static.reager30.com/templates/desktop-game/game-video-fon/../../_assets/sounds/female-warning/default.ogg
      [script] http://eu.digitaldsp.com/api/submit_form_request?p=c415da15-d9e9-4438-b569-37e5bbeba431&
        [script] http://deloton.com/afu.php?enc=lxnxZxzMxHF05exXWZjT-GBljoctGHvMvIuIDvz4UHw&var= -> Malware url
          -> Suspicious url(NULL)
          [Location] https://plarium.com/play/en/pirates/ships08_g?plid=107412&pxl=propeller-ads&clickId=75306175792422912&publisherId=324329
            -> Suspicious url(NULL)
            [Location] https://plarium.com/landings/en/pirates/ships_f024_a?plid=107412&pxl=propeller-ads&clickId=75306175792422912&publisherId=324329
  [script] http://uod2quk646.com/w72vkpjeg?key=3c23b02eaac53d8cdb44bdfc555c8b46
    -> user cookie check
  [script] http://35.193.89.147/MTUzOTU0MTcwMS8xNTQxMTA4NTAyLzE1Mzk1NzY1OTg=&a67e9&de0ed=
    -> Suspicious url(NULL)

*Country

34.235.250.63 (Ashburn, United States)

*Whois
Erroring for domain: openload.co

Website Check

Report