Analysis Report http://mysp.ac/4kPIV

Overview

General Information

Sample URL: http://mysp.ac/4kPIV
Analysis ID: 333468

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Found iframes
HTML title does not match URL
Unusual large HTML page

Classification

AV Detection:

Multi AV Scanner detection for domain / URL
Source: umbrellacorp.id Virustotal: Detection: 6%
Multi AV Scanner detection for submitted file
Source: http://mysp.ac/4kPIV Virustotal: Detection: 6%

Phishing:

Found iframes
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1217218073&timestamp=1608706884935
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
HTML title does not match URL
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Title: YouTube does not match URL
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1588092
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DB81XbQuPFZc%2526feature%253Dyoutu.be&hl=en&ec=65620&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: global traffic HTTP traffic detected:
    GET /4kPIV HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mysp.ac
    Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: mysp.ac
Source: classification engine Classification label: mal56.win@3/89@15/12
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF555F30636C0DA9A0.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3732 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3732 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
[Behavior Graph ID: 333468, URL: http://mysp.ac/4kPIV, Startdate: 22/12/2020, Architecture: WINDOWS, Score: 56. Process chain: iexplore.exe started iexplore.exe, which contacted umbrellacorp.id (192.64.113.199, NAMECHEAP-NETUS, United States), mysp.ac (63.135.90.71, MYSPACEUS, United States) and 19 other IPs or domains.]

Contacted Public IPs

IP Domain Country ASN ASN Name Malicious
173.194.151.91 unknown United States 15169 GOOGLEUS false
173.194.164.169 unknown United States 15169 GOOGLEUS false
173.194.164.156 unknown United States 15169 GOOGLEUS false
142.250.74.214 unknown United States 15169 GOOGLEUS false
172.217.21.238 unknown United States 15169 GOOGLEUS false
192.64.113.199 unknown United States 22612 NAMECHEAP-NETUS true
173.194.188.9 unknown United States 15169 GOOGLEUS false
172.217.22.33 unknown United States 15169 GOOGLEUS false
63.135.90.71 unknown United States 33739 MYSPACEUS false
172.217.18.99 unknown United States 15169 GOOGLEUS false
173.194.164.121 unknown United States 15169 GOOGLEUS false

Private

IP
192.168.2.1

Contacted Domains

Name IP Active
youtu.be 172.217.21.238 true
r3.sn-4g5e6nl7.googlevideo.com 173.194.164.121 true
r6.sn-4g5edne6.googlevideo.com 173.194.164.156 true
umbrellacorp.id 192.64.113.199 true
i.ytimg.com 142.250.74.214 true
r5.sn-4g5e6nez.googlevideo.com 173.194.151.91 true
www.google.co.uk 172.217.18.99 true
photos-ugc.l.googleusercontent.com 172.217.22.33 true
consent.youtube.com 172.217.22.78 true
r3.sn-4g5edned.googlevideo.com 173.194.164.169 true
r4.sn-4g5edns7.googlevideo.com 173.194.188.9 true
mysp.ac 63.135.90.71 true
yt3.ggpht.com unknown unknown
r4---sn-4g5edns7.googlevideo.com unknown unknown
r6---sn-4g5edne6.googlevideo.com unknown unknown
r3---sn-4g5edned.googlevideo.com unknown unknown
r3---sn-4g5e6nl7.googlevideo.com unknown unknown
r5---sn-4g5e6nez.googlevideo.com unknown unknown
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.youtube.com/watch?v=B81XbQuPFZc&feature=youtu.be false high
https://www.youtube.com/watch?v=KpJKQrianrc false high
http://mysp.ac/4kPIV true unknown