URL: | http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D#ZXNwbGV0dEBmcmVkbGF3LmNvbQ==&u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D |
Full analysis: | https://app.any.run/tasks/ec024d12-3680-435a-ba34-f28e46c06fd8 |
Verdict: | Malicious activity |
Analysis date: | March 26, 2024, 20:49:32 |
OS: | Ubuntu 22.04.2 |
Tags: | |
MD5: | BE6EF767659DA393AD563786ECAD9079 |
SHA1: | 5B751BB56898B07020A8A934CABCA42A3964991E |
SHA256: | 158DF645199071C561FB128A77230D0FBDF7D92548A97A1FE625F2829E3EB6E6 |
SSDEEP: | 48:u97Tj99yndMZlXfitukpU97Tj99yndMZlXfituk1:WDyndmXK4/DyndmXK4W |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
9307 | /bin/sh -c "DISPLAY=:0 sudo -iu user google-chrome \"http://em\.yotpo\.com/ls/click?upn=u001\.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D#ZXNwbGV0dEBmcmVkbGF3LmNvbQ==&u001\.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D\" " | /bin/sh | — | any-guest-agent |
User: root Integrity Level: UNKNOWN | ||||
9308 | sudo -iu user google-chrome http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D#ZXNwbGV0dEBmcmVkbGF3LmNvbQ==&u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D | /usr/bin/sudo | — | sh |
User: root Integrity Level: UNKNOWN | ||||
9309 | /usr/bin/google-chrome http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D#ZXNwbGV0dEBmcmVkbGF3LmNvbQ==&u001.-2FemWfc87t0MOUEjl1SkAEj2QOZa462tHwmamXsJYSgk9gw-2F744A8sEV4aPNbU9Xj5ZT55swjOdyL052ZgQBLNA-3D-3DgGiz_xAS4fg9a1FH0D-2Ff-2BXZtv2Aau2HSAOO70vT34jTFGgJ1kZJhWSi1gDLeT1oocVMq58f-2FQNKfwGkpuJsSrlPTWd7id4-2FxsdNpzPhdFhuxX5jkzookVqPvs-2FOtfehtT-2B510Udjd07JjwL5hynV9WuL3IXM7d161Yu7ZGMSWoWgRVyAmWGX0hSl6sZAPYVMJgLNFqdVDqePKaaIe6XsS93y2IIBAMjQZHZocvfv-2FxJTVTpzsIIInftPp5gbMzTrzT3ZicHAW-2Bmm-2FOsPBbcaxDdQyRkZ6bH3fVa-2BVdALVGU0nHRHaYq-2BozmyB2NF0h-2FeYkVWnV1iE9lmBSpbdtgwmUmauBtv0ehMXWuIbTZXkulZ2Rx4uYYF-2B-2F3t-2BVnKf6O2s8hOBowgLR8aJ2qaio-2Fl-2FmK1mOp7G01xXXqdzGsEdD9Icy9ITdVHwFeC6crAPRNuncUpwFYIAblEfptAnta09hRqx-2FDLziTthC5Xj4AtuKARkrakS11qFjXMpa9SdfrqMffxVR3W89DhGBHtwwZghjsVMFGrGncON7WZM-2FPf6ltKjfRK7bGgjVp9glXeSyzhWszYNi0OoqBCI0NaQwgDAZ8s-2FZ1tMyLCRRlla1xG9KgPjvEk-3D | /opt/google/chrome/chrome | — | sudo |
User: user Integrity Level: UNKNOWN | ||||
9310 | /usr/bin/locale-check C.UTF-8 | /usr/bin/locale-check | — | chrome |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9311 | readlink -f /usr/bin/google-chrome | /usr/bin/readlink | — | chrome |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9312 | dirname /opt/google/chrome/google-chrome | /usr/bin/dirname | — | chrome |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9313 | mkdir -p /home/user/.local/share/applications | /usr/bin/mkdir | — | chrome |
User: user Integrity Level: UNKNOWN Exit code: 0 | ||||
9314 | cat | /usr/bin/cat | — | chrome |
User: user Integrity Level: UNKNOWN | ||||
9315 | cat | /usr/bin/cat | — | chrome |
User: user Integrity Level: UNKNOWN | ||||
9316 | /opt/google/chrome/chrome | — | — | chrome |
User: user Integrity Level: UNKNOWN Exit code: 0 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
9309 | chrome | /9309/fd/63 | — | — | —
9309 | chrome | /home/user/.config/google-chrome/BrowserMetrics/BrowserMetrics-660334E2-245D.pma | — | — | —
9309 | chrome | /.com.google.Chrome.KtCmdd | — | — | —
9309 | chrome | /home/user/.config/google-chrome/Default/Sync Data/LevelDB/LOG | — | — | —
9309 | chrome | /.com.google.Chrome.rmNfww | — | — | —
9309 | chrome | /.com.google.Chrome.lKUVPY | — | — | —
9309 | chrome | /.com.google.Chrome.jcZqWj | — | — | —
9309 | chrome | /home/user/.config/google-chrome/Default/Site Characteristics Database/LOG | — | — | —
9309 | chrome | /home/user/.config/google-chrome/Default/commerce_subscription_db/LOG | — | — | —
9309 | chrome | /home/user/.config/google-chrome/Default/discounts_db/LOG | — | — | —
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
— | — | 195.181.170.19:443 | — | Datacamp Limited | DE | unknown |
— | — | 142.250.186.131:443 | clientservices.googleapis.com | GOOGLE | US | unknown |
— | — | 173.194.79.84:443 | accounts.google.com | GOOGLE | US | unknown |
— | — | 239.255.255.250:1900 | — | — | — | unknown |
— | — | 34.198.11.143:80 | em.yotpo.com | AMAZON-AES | US | unknown |
— | — | 104.17.24.14:443 | cdnjs.cloudflare.com | — | — | unknown |
— | — | 34.198.11.143:443 | em.yotpo.com | AMAZON-AES | US | unknown |
— | — | 194.5.212.157:443 | cloudfareroutes.icu | M247 Ltd | DE | unknown |
— | — | 202.226.37.184:443 | cocototo.co.jp | Xserver Inc. | JP | unknown |
Domain | IP | Reputation
---|---|---
clientservices.googleapis.com | — | whitelisted
accounts.google.com | — | shared
em.yotpo.com | — | unknown
cloudfareroutes.icu | — | unknown
cdnjs.cloudflare.com | — | whitelisted
cocototo.co.jp | — | unknown
challenges.cloudflare.com | — | whitelisted
157.100.168.192.in-addr.arpa | — | unknown
www.google.com | — | whitelisted
update.googleapis.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain |
— | — | Potentially Bad Traffic | ET INFO Suspicious Domain (*.icu) in TLS SNI |
— | — | Potentially Bad Traffic | ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.icu) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Possible Fake Microsoft Login Page |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Possible Fake Microsoft Login Page |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image branding component hosted by Microsoft |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Image branding component hosted by Microsoft |
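The submitted URL has two features worth pulling out mechanically during triage: the `/ls/click?upn=u001.` path is the shape used by SendGrid-style e-mail click tracking (a reputable sender domain, here em.yotpo.com, redirecting to an opaque server-side destination), and the `#...==` fragment is a base64-encoded e-mail address that the landing page can use to pre-fill a login form. The connections table then shows the hosts the browser reached after following it, including the .icu look-alike domain the ET signatures fired on. The script below is an added example written for this page, not ANY.RUN's code: it detects that redirector shape, undoes the `-2F`/`-2B`/`-3D` escaping SendGrid applies to the token, recovers an e-mail address from the fragment, and sorts connection rows into sandbox noise (multicast mDNS/SSDP), watched-TLD hits and everything else. The identification of the tracker as SendGrid-style is mine, the sample URL uses a shortened token and a placeholder address instead of the real one, and `WATCHED_TLDS` is limited to .icu only because that is what the alerts above flag.

```python
"""Triage helpers for a URL phishing sample of the kind in this report.

Added example for this page, not ANY.RUN's code. The URL shape it handles
(a '/ls/click?upn=u001.' tracking redirector with base64(e-mail) in the
fragment) matches the sample above; the inputs at the bottom are constructed
so the file runs offline.
"""
import base64
import binascii
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# SendGrid-style click tracking: the real destination lives in the opaque
# 'upn' token and is resolved server-side, so the visible link carries a
# trusted sender domain while landing wherever the campaign owner chose.
TRACKER_PATH = "/ls/click"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
# The ET rules in this report key on .icu; extend to match your own ruleset.
WATCHED_TLDS = {"icu"}


def is_tracking_redirector(url: str) -> bool:
    """True when the URL is a /ls/click redirector carrying a upn token."""
    parts = urlsplit(url)
    return parts.path == TRACKER_PATH and "upn" in parse_qs(parts.query)


def unescape_upn(token: str) -> str:
    """upn tokens write '/', '+', '=' as '-2F', '-2B', '-3D'; undo that."""
    return token.replace("-2F", "/").replace("-2B", "+").replace("-3D", "=")


def victim_from_fragment(url: str):
    """Return the e-mail address hidden in the fragment, or None.

    Kits append base64(victim address) after '#' so the landing page can
    pre-fill the login form. Fragments never leave the browser, so the
    redirector's server logs do not see it; a browser-side capture like
    the sandbox's command line does.
    """
    frag = urlsplit(url).fragment.split("&", 1)[0]
    if not frag:
        return None
    try:
        text = base64.b64decode(frag, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if EMAIL_RE.match(text) else None


def triage_connections(rows):
    """Split (ip:port, domain) rows into noise, watched-TLD hits and the rest.

    Multicast destinations (mDNS 224.0.0.251:5353, SSDP 239.255.255.250:1900)
    are OS background traffic in the sandbox, not sample behaviour.
    """
    out = {"noise": [], "watched_tld": [], "other": []}
    for ip_port, domain in rows:
        ip = ipaddress.ip_address(ip_port.rsplit(":", 1)[0])
        if ip.is_multicast or ip.is_private:
            out["noise"].append((ip_port, domain))
        elif domain and domain.rsplit(".", 1)[-1].lower() in WATCHED_TLDS:
            out["watched_tld"].append((ip_port, domain))
        else:
            out["other"].append((ip_port, domain))
    return out


# Constructed sample mirroring the shape of the URL in this report
# (token shortened, victim address replaced by a placeholder).
SAMPLE_TOKEN = "u001.-2FemWfc87t0MOUEjl1SkAEj2Q-3D-3D"
SAMPLE_FRAGMENT = base64.b64encode(b"victim@example.com").decode()
SAMPLE_URL = (
    "http://em.yotpo.com/ls/click?upn=" + SAMPLE_TOKEN
    + "#" + SAMPLE_FRAGMENT + "&" + SAMPLE_TOKEN
)
# Rows copied from the connections table in this report.
SAMPLE_ROWS = [
    ("224.0.0.251:5353", ""),
    ("142.250.186.131:443", "clientservices.googleapis.com"),
    ("239.255.255.250:1900", ""),
    ("34.198.11.143:80", "em.yotpo.com"),
    ("194.5.212.157:443", "cloudfareroutes.icu"),
    ("202.226.37.184:443", "cocototo.co.jp"),
]

if __name__ == "__main__":
    print("tracking redirector:", is_tracking_redirector(SAMPLE_URL))
    print("victim:", victim_from_fragment(SAMPLE_URL))
    print("upn:", unescape_upn(parse_qs(urlsplit(SAMPLE_URL).query)["upn"][0]))
    for bucket, hits in triage_connections(SAMPLE_ROWS).items():
        print(bucket, hits)
```

The fragment check is deliberately strict (`validate=True` plus an e-mail regex) so arbitrary fragments do not produce false hits; the decoded address is the one value here that identifies the targeted person and should be handled as PII rather than pasted into tickets. The upn token stays opaque after unescaping, so the only reliable way to learn the destination is to follow the link in a sandbox, which is what the report above did.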