Sample details: 2a10fe3860d4920302526f9b444d0b3f --

Hashes
MD5: 2a10fe3860d4920302526f9b444d0b3f
SHA1: fef62cca29db5ae3d583312a398a9d91f6c41d30
SHA256: 02084b60fe0026d677c1dcbd4770382078173757c49de40ba533f034a5b0ad45
SSDEEP: 384:mW+0i9aRtga1iUswG2Tj4BTsHT2zJGb3DTsnUVDFlF+mBJrw+A6+hWZFAXL:5h6aEUswG2Tj4BTsHTM2TTyAvOOFo
Details
File Type: HTML
Added: 2019-10-09 14:35:51
Yara Hits
YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/Big_Numbers1 |
Source
http://adcash.ga/20190118/ppi02.exe
Note: the source URL names an .exe, but the captured file is HTML (see File Type). The content is an AdF.ly-style ad interstitial ("One moment...", adf.ly/skip.php, larati.net assets), so this capture most likely holds the ad gate served in front of the download rather than the binary it was meant to deliver.
Strings
		<html xmlns="http://www.w3.org/1999/xhtml" id="main_html"  prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# website: http://ogp.me/ns/website#">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
                    <!-- NOTE(review): browsers only honour X-Frame-Options as an HTTP response header and ignore this <meta> form, so framing protection for this page rests entirely on the inline anti-clickjack script further down. -->
                    <meta http-equiv="X-Frame-Options" content="DENY">
                <meta property="fb:app_id" content="399141353502152" />
        	        	            <meta property="og:type"   content="website" />
	            <!-- Canonical URL is on larati.net; its cdn. host serves most first-party assets below, while the copy and the skip endpoint still name adf.ly. -->
	            <meta property="og:url"    content="http://larati.net/2meg" />
	        	            <meta property="og:title"  content="One moment..." />
                    <meta property="og:image" content="https://cdn.ay.gy/static/image/fblogo.png" />
        
    		        <!-- Without JavaScript the visitor is sent straight to /noscript.php?t=js: the interstitial requires script execution. -->
    		        <noscript>
	            <meta http-equiv="refresh" content="0; url=/noscript.php?t=js">
	        </noscript>
        <link rel="apple-touch-icon" href="http://cdn.larati.net/static/image/apple-touch-icon.png" />
        
        <style id="antiClickjack">body{display:none !important;}</style>
        <script type="text/javascript">
           // Frame-busting guard. <head> ships a style element (#antiClickjack) that hides
           // <body>; it is removed only when this document is the top-level window. Browsers
           // ignore the X-Frame-Options <meta> in <head>, so this script is the page's only
           // effective framing defence.
           var frame_check = false;
           if (self !== top) {
               // Break out of the frame (a sandboxed embedder may block this); once the
               // page loads, replace its content with the notice.
               top.location = self.location;
               window.onload = function () {
                   document.write('AdF.ly - Security Error. If you see this message please contact the owner of the website and inform them that AdF.ly links cannot be placed in a frame.');
               };
           } else {
               // Top-level: drop the hiding stylesheet so the body renders.
               var antiClickjack = document.getElementById("antiClickjack");
               antiClickjack.parentNode.removeChild(antiClickjack);
               frame_check = true;
           }
        </script>
        <!-- Cache-defeating headers (meta form): every visit re-fetches the page, consistent with the per-request tokens and timestamp in the inline script below. -->
        <meta http-equiv="cache-control" content="max-age=0" />
        <meta http-equiv="cache-control" content="no-cache" />
        <meta http-equiv="expires" content="0" />
        <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
        <meta http-equiv="pragma" content="no-cache" />                
                <!-- Publisher / sub-id 21958691; the same value is reused as uid, adfly_id, the GA custom variable and the adf.ly referral links. -->
                <meta name="x-adfly-subid" content="21958691" />
                
                    <!-- NOTE(review): jQuery 1.7.1 (a 2011 release) is loaded without an integrity attribute; if the CDN copy fails, document.write pulls the same version over plain http:// from cdn.larati.net, which, like every other larati.net asset here, is modifiable in transit. Check the version against current jQuery advisories. -->
                    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
                    <script>window.jQuery || document.write('<script src="http://cdn.larati.net/static/js/jquery-1.7.1.min.js">\x3C/script>');</script>
        			<title>One moment...</title>
		        <meta name="title" content="One moment..." />
        
                	<meta name="description" content="Shrink your URLs and get paid!" />
            <meta property="og:description"  content="Shrink your URLs and get paid!" />
        
        <link rel="icon" href="http://cdn.larati.net/static/image/favicon.ico" type="image/ico" />
        <link rel="shortcut icon" href="http://cdn.larati.net/static/image/favicon.ico" />
        <style>
            #mpd{
                display:none;
            }
            @media screen and (max-width: 799px) {
                #mpd{
                    display:block;
                    width:1px;
                    height:1px;
                    position:absolute;
                }
            }
                    </style>
        <link rel="stylesheet" type="text/css" href="http://cdn.larati.net/static/css/adfly_7.css" />
                    <script type="text/javascript">
                            </script>
                                            <!-- amvn.js: purpose not evident from this page; read it before trusting the interstitial's skip logic. -->
                                            <script src="http://cdn.larati.net/static/js/amvn.js"></script>
            
                                <!-- NOTE(review): third-party script from an unnamed CloudFront distribution, keyed by ixmnd=709056, with no integrity attribute; data-cfasync="false" presumably opts it out of Cloudflare Rocket Loader so it runs immediately. Apart from jQuery and Google Analytics it is the only script not served from the larati.net / adf.ly hosts. -->
                                <script data-cfasync="false" src="//d1nmxiiewlx627.cloudfront.net/?ixmnd=709056"></script>
                         
                        
            
                        <!-- b64.js presumably supplies the base64 decoding used on the encoded values (ref_i, abmdl, ysmm) set in the next script — confirm by reading it. -->
                        <script src="http://cdn.larati.net/static/js/b64.js"></script>
            <script type="text/javascript">
                // Per-request state for the interstitial, left as globals for the
                // externally loaded scripts (b64.js before, view105c2.js after — presumably
                // the consumer; confirm by reading it). Nothing here is secret from the
                // client: every value is visible in the page source.
                var at = 1;
                // log_token is repeated as the hidden `lt` field of the ad-report form.
                var log_token = '861bad569db4e989aa6c925a2555b369';
                var log_hash = 'a15f23841aca884b2d0ba3144aecda3e';
                var waitmsg = 'seconds';
                // The skip endpoint stays on adf.ly even though this page is served from larati.net.
                var zzz = 'http://adf.ly/skip.php';
                // smk and grk carry the same value in this capture.
                var smk = 'O5DYYzxMYimVFTkNN1WIYT2YO1WIRTiONjGZUT5YOhDl';
				var grk = 'O5DYYzxMYimVFTkNN1WIYT2YO1WIRTiONjGZUT5YOhDl';
                // Publisher id (also x-adfly-subid / adfly_id / GA custom var) and a
                // per-link record id.
                var uid = '21958691';
                var urid = '6337057107';
                // base64 of {"url":null,"domain":null}; presumably the referrer the server
                // saw — both fields null in this capture.
                var ref_i = 'eyJ1cmwiOm51bGwsImRvbWFpbiI6bnVsbH0=';
                var udid = '75440';
                // Unix time of the request: 1570631751 = 2019-10-09 14:35:51 UTC, which
                // matches the capture timestamp in the sample metadata.
                var utime = '1570631751';
                var abdo = '1';
                var abb = '1';
                                // base64 of "[]" (an empty list).
                                var abmdl = 'W10=';
                                
                
                var skbr = ""; 
                // Meaning of d not evident from this page.
                var d = 421401;
                var scripts = document.getElementsByTagName('script');
                // Presumably the obfuscated destination URL of the shortened link (note the
                // leading "O=" / character set unlike plain base64). This is the value to
                // decode when recovering the sample's final redirect target; the decoding
                // happens in the loaded scripts, not here, and is not reproduced on this page.
                var ysmm = 'O=DkYT5YOlTNVDmNO1TchjmYN3jEEG4ZY2TUMjzNY12chj0ed5HhBnzLOui98Wvad03FdW6dMxSV5mscdlWdN3pbZsWZ0mtbYvW95WubLGnJBTyJbGyJ9TwJdBXNNToJcwmRVHkdaoX8JDldYz3VQGvZPm3ENTpNd3GEUz9MY1WARzmNb1HEkTmPb1mZVy2Ndw2E9zyNa1zA0zxNJznMBjwNa8Tk12yYMwTZkS1MO7DY';
            	var easyUrl = 'false';
            	var eu = 'false';
            	// Only when the server flags an "easy" URL is the raw value copied straight
            	// into eu (substring(0) is a full copy); it is not in this capture.
            	if (easyUrl == 'true') {
                    eu = ysmm.substring(0);
                }
                // At parse time the last <script> element is this one: the inline script
                // removes itself from the DOM after running, so the globals above are not
                // visible in a live DOM inspector (they remain in the page source and in
                // window scope).
                $(scripts[scripts.length - 1]).remove();
                
                // Anti-skip stub: only shows an alert, ignoring its argument. A script
                // loaded later may redefine it — presumably view105c2.js; confirm.
                function checkAndGo(val) { alert('To continue..\n\nPlease remove any browser extensions designed to skip our adverts.'); }
            </script>
                    <!-- view105c2.js runs after the inline globals above (tokens, uid, ysmm, ...) and before the pop-under loader; presumably it decodes ysmm and drives the countdown/skip flow — confirm by reading it. -->
                    <script src="http://cdn.larati.net/static/js/view105c2.js"></script>
        
            
                                    <script type="text/javascript">
                // Presumably a pop-under loader (ids PuDisplayScript / intpop). With intpop
                // set, inject /js/display.js once (guarded by the id it is given) via
                // document.write, so it runs synchronously during parsing. adfly_id / pat /
                // bindElement are left as globals for display.js; bindElement names the
                // "Skip Ad" anchor (#skip_bu2tton) in the body.
                var intpop = 1;
                if(typeof intpop != 'undefined' && intpop == 1 && !document.getElementById('PuDisplayScript')){
                                            var adfly_id = '21958691';
                                        // Meaning of pat not evident from this page.
                                        var pat = 42;
                    var bindElement = 'skip_bu2tton';
                    // The closing tag is split so the HTML parser does not end this script early.
                    document.write('<script type="text/javascript" id="PuDisplayScript" src="/js/display.js"></scr'+'ipt>');
                }
            </script>
            
            
            
            
        </head>
			<body id='home' class="">
            
            				<script type="text/javascript">
					// Google Analytics (legacy ga.js async queue). Account UA-6469700-9;
					// custom variable 1 'User' is the publisher id 21958691 seen elsewhere.
					var _gaq = _gaq || [];
                                                _gaq.push(['_setAccount', 'UA-6469700-9']);
                            _gaq.push(['_setSampleRate','0.5']);
                            					_gaq.push(['_setCustomVar', 1, 'User', '21958691', 3]);
					_gaq.push(['_trackPageview']);
					(function() {
						var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
						// Scheme follows the page: on plain http the tracker itself is fetched over http.
						ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
						(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ga);
					})();
                    //Analytics tracking code
                    // Five seconds after this script runs, record what ended up in the advert frame.
                    setTimeout(function(){goal();},5000);
                    // Inspects #rf (the advert iframe) for a nested #rf2 and reports one of
                    // three outcomes to GA. `iframe2` is declared with var inside the try,
                    // so it is hoisted and readable after the catch.
                    function goal(){
                        try{
                            var iframe = document.getElementById('rf');
                            // Throws for a cross-origin frame (or when #rf / #rf2 is missing);
                            // the catch swallows it and iframe2 stays undefined.
                            var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
                            var iframe2 = innerDoc.getElementById('rf2').src;
                        }catch(err){
                            //Nothing
                        }
                        // Event values 3 / 1 / 0: frame unreadable, src not on adf.ly, src on
                        // adf.ly. Presumably third-party vs. house/fallback ad — confirm.
                        if(iframe2 == undefined){
                            _gaq.push(['_trackEvent', 'Ad', 'Paid', 'Success', 3]);
                        }else{
                            if(iframe2.indexOf('adf.ly') == -1){
                                _gaq.push(['_trackEvent', 'Ad', 'Paid', 'Success', 1]);
                            }else{
                                _gaq.push(['_trackEvent', 'Ad', 'Paid', 'Success', 0]);
                            }
                        }
                    }
				</script>
                
                
                <script src="http://cdn.larati.net/static/js/main.js"></script>
                <!-- Malicious-advert report dialog. Hidden lt carries the same value as log_token in <head>; s is a second per-request token; rf2_url is empty in the markup and presumably filled by script with the ad frame's URL (the #rf2 element that goal() inspects). -->
                <div id="adReporter" class="sm_content" style="z-index: 10004;padding-top:5px; height:auto;top:initial; left:initial; bottom: 5%; right: 1%;">
                    <p style="font-size:20px;">Report Malicious Advert</p>
                    <form action="/ad/report" method="POST" enctype="multipart/form-data">
                        <div>
                            <input type="hidden" name="lt" value="861bad569db4e989aa6c925a2555b369" />
                            <input type="hidden" name="s" value="962c8a5b2da62901e22b9770ef6639ba" />
                            <input type="hidden" name="rf2_url" id="rf2_url" value="" />
                        </div>
                        <div>
                                                        <label for="reason">Reason</label>
                            <select name="reason" id="reason" style="width:100%;">
                                <option value="0">Select...</option>
                                                                    <option value="1">Advert contained auto file download</option>
                                                                    <option value="2">My antivirus software alerted me to malware contained on this page</option>
                                                                    <option value="3">Advert contains adult content</option>
                                                                    <option value="4">Advert has pop ads</option>
                                                                    <option value="5">Advert is scareware / fake &#39;helpline&#39; telephone or fake virus alert</option>
                                                                    <option value="6">Phishing, the advert pretends to be from a company/trademark that is not real</option>
                                                            </select>
                        </div>
                        <br />
                        <div>
                            <label for="screenshot">Screenshot upload (optional)</label>
                            <!-- NOTE(review): ";capture=camera" is not a valid accept token (capture is a separate attribute), so the type filter is probably ignored by browsers. -->
                            <input name="screenshot" type="file" id="screenshot" accept="image/*;capture=camera">
                        </div>
                        <br />
                        <div>
                            <label for="description">Description (optional)</label><br />
                            <textarea name="description" id="description" rows="5" cols="45"></textarea>
                        </div>
                        <br />
                        <div>
                            <label for="email">Your email address (optional)</label>
                            <input name="email" type="text" id="email" />
                        </div>
                        <br />
                        <div>
                                                        <!-- Static arithmetic "captcha": question and therefore answer are in the markup, so it deters no automation. -->
                                                        <label for="captcha">6 + 9 = </label>
                            <input type="text" name="captcha" placeholder="?">
                        </div>
                        <br />
                        <div>
                            <input type="submit" value="Send!"/>
                            <input type="button" class="close" value="Cancel" />
                        </div>
                        <!-- Hidden iframe, presumably used as the form's submission target by script so the report posts without leaving the interstitial (the form carries no target attribute in the markup). -->
                        <iframe id='upload_iframe' name='upload_iframe' src="" style="display: none"></iframe>
                    </form>
                    <br />
                </div>
                <div id="daily_limit_captcha_fade" class="black_overlay"></div>
                
                <div id="_bd" class="sm_content" style="z-index: 10004;padding-top:5px; height:auto;">
                    <p style="font-size:20px;">Warning!</p>
                                        <p>It appears that you have an <b>advert blocking browser extension</b> enabled.<br /><br />
                        Our Publishers use this revenue in order to monetize their websites and provide you with their content. To continue to your destination, you must white list our website in your software.<br /><br />
                        Adblock Plus users, click on Adblock plus icon, and deselect &#39;Enabled for this website&#39;<br /><br />
                    	For more information please see our Knowledge Base article:<br /><br />
                        <a href="https://support.adf.ly/hc/en-us/articles/207705113" target="_new">http://support.adf.ly/hc/en-us/articles/207705113</a></p>
                                    </div>
                <div id="fade" class="black_overlay"></div>
                    
                    
				<img src='http://cdn.larati.net/static/image/logo_fb2.png' border='0' alt='logo' style='display:none;' />
                <div id="mpd"></div>
				<div id="Interstitual" style="background-color: #FFFFFF; z-index:9999; position: absolute; width: 100%; height: 100%;">
					<table cellpadding="0" cellspacing="0" height="100%" width="100%">
						<tr height="1%">
							<td style="top:0;width:100%">
								<div id="sitebar" style="">
                                    <div id="top" style="width: 100%;" >
                                        
                                        <img id="adb" style="float: left;" src="http://cdn.larati.net/static/image/ad_top_bg2.png?&ad_box_=1" />
										<span style="float: left; width:20%;">
											<a href="https://adf.ly/?id=21958691" target="_blank">
                                                                                                    <img id="bee" border=0 src="http://cdn.larati.net/static/image/ahl6532.gif" />
                                                											</a>
										</span>
										<div style="display:inline-block; text-align: center; padding-top: 10px; height: 20px; width:60%;">
                                                                                        <a href="#" id="opera_retry" style="color: yellow;float: right;letter-spacing: 0;display:none;" onclick="javascript:return true;">OPERA MINI USERS CLICK HERE UNTIL SKIP ADD APPEARS!</a>
										</div>
                                        
                                                                                
                                        <span style="float: right; padding-right: 20px; padding-top: 9px; width:20%;">
                                        													<div style="position:absolute; text-align: center; width: 200px; height: 30px; top: 10px; right:0px; color:#ffffff; font-weight: bold; font-size: 16px;" class="please_wait" id="please_wait">
                                                                                                    <span id="please_wait_msg">Please Wait..<br /></span>
                                                                                                <span id="countdown">&nbsp;</span>
                                                <div id="loading" style="display: none">
                                                    <span style="vertical-align: middle;">Loading...</span>
                                                    <img style="vertical-align: middle;" src="http://cdn.larati.net/static/image/spinner.gif">
                                                </div>
                                            </div>
                                            
<!-- NOTE(review): the "Skip Ad" anchor has no href in the markup and is never closed (no </a> before the </span> below). It is the element the pop-under loader names via bindElement and presumably receives the decoded destination (ysmm) from script; target="_top" means that final navigation replaces the whole window, not just the ad frame. -->
<a class="mwButton" style="position:absolute; display: none; width: 300px; text-align: right; height: 30px; top: 10px; right:20px; color:#ffffff; font-weight: bold; font-size: 16px; cursor:pointer;" id="skip_bu2tton" target="_top">
    <img src="http://cdn.larati.net/static/image/skip_ad/en_tran.png" alt="Skip Ad" height="39" />
										</span>
                                        <!-- The inline jQuery call below sets an invalid colour value ('#'), which the browser rejects, so the "Please Wait" text keeps the #ffffff from its inline style. -->
                                        <script>
                                            $('#please_wait').css({ 'color': '#' });
                                        </script>
									</div>
                                <div id="bottomAd" style="font-size: 2px; background: url('http://cdn.larati.net/static/image/d_top_bg.png') repeat-x blue">&nbsp;</div>
                                    <div id="bottom">
										<span class="bottom_1">
											<a href="https://adf.ly/?id=21958691" target="_blank">AdF.ly</a> : shorten urls and earn money										</span>
                                                                                    <span class="bottom_2">
                                                <iframe src="//www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2Fx19ltd.adfly&amp;width=150&amp;fb_source=unshorten&amp;layout=button_count&amp;action=like&amp;show_faces=false&amp;share=true&amp;height=21&amp;appId=399141353502152" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:135px; height:21px;" allowTransparency="true"></iframe>                                            </span>
                                        
                                        <span class="bottom_3">
                                            <a href="https://adf.ly/advertiser/advertising" target="_blank">Your Site Here: 10,000 visitors / $5.00</a>
                                        </span>
                                        <span class="bottom_4">
                                            <a style="background-color: red;padding: 3px 6px 3px 6px;border-radius: 6px;color: white;" id="reportAd" href="">Report this ad</a>
                                        </span>
									</div>
								</div>
							</td>
						</tr>
						<tr>
							<td>
                                <!-- NOTE(review): #rf is the advert frame (goal() and the report form look for an #rf2 inside it). It starts at about:blank and is populated by script, and it carries no sandbox attribute, so content loaded into it can run script, open pop-ups and navigate the top window unless the loading script adds restrictions. -->
                                <iframe data-mf-replace-inner="" scrolling="auto" src="about:blank" id="rf" frameborder="0" allowtransparency="true" style="width:100%;height:100%;display:block;visibility:visible;"></iframe>
							</td>
						</tr>
					</table>
                    <p style="display: none;" id="fbm">You are about to be redirected.
In order to reach your destination link, please click to stay on the page and then click our Skip Ad button.</p>
				</div>
                                    <script src="http://larati.net/fp.rev10.php?nocache=91"></script>
                    <script>
                        // FP comes from larati.net/fp.rev10.php, loaded just above with a
                        // nocache cache-buster. The name suggests browser fingerprinting and
                        // sendRequest() suggests the result is posted back — confirm by reading
                        // that script. The return value (fff) is not used anywhere on this page.
                        var fp2 = new FP();
                        var fff = fp2.sendRequest();
                    </script>                    
                
                
                <style>
                #cookie_notice {
                position: fixed;
                display:none;
                bottom: 0;
                width: 100%;
                height: 12px;
                background-color: #153756;
                color: #FFFFFF;
                padding: 3px 0 6px 0;
                text-align: right;
                z-index: 999999999;
                }
                #cookie_notice a { color: yellow; text-decoration: none; }
                </style>
                <div id='cookie_notice'>
                    <span style="float:left; text-align: left; width:10%;">&nbsp;<a href='//adf.ly/privacy#third_party'>AdChoices</a></span>
                    <span style="float:right; text-align: right;">
                        AdF.ly uses cookies. By continuing to browse the site, you are agreeing to our use of cookies and third-party advertisers <a href='//adf.ly/privacy#ad_pages' target="new">Find out more</a>.
                        <img src="http://cdn.larati.net/static/image/delete2.png" style="margin: 0px 10px 0px 10px; cursor:pointer;" onclick="removeCookieNotice()">
                    </span>
                </div>
                
                <script type="text/javascript">
                // Cookie-consent banner state. A bare `removeCookieNotice=1` cookie (no
                // path, expiry, Secure or SameSite attributes, so a session cookie scoped
                // to the current path) records dismissal; the banner shows until it exists.
                function removeCookieNotice() {
                    document.cookie = "removeCookieNotice=1";
                    $("#cookie_notice").css("display", "none");
                }
                // Returns the decoded value of cookie `name`, or null when absent.
                // NOTE(review): `name` goes into the RegExp unescaped and unanchored, so it
                // also matches as a suffix of a longer cookie name; the legacy unescape()
                // is kept for behavioural parity.
                function getCookie(name) {
                    var match = new RegExp(name + "=([^;]+)").exec(document.cookie);
                    if (match == null) {
                        return null;
                    }
                    return unescape(match[1]);
                }
                // Loose comparison on purpose: the stored value is the string "1".
                if (getCookie('removeCookieNotice') != 1) {
                    $("#cookie_notice").css("display", "block");
                }
                </script>
                
			</body>
		    </html>