analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://www.dexform.com/download/boscard-template

Full analysis: https://app.any.run/tasks/2df8a75e-4c14-4110-860a-18f877686e46
Verdict: Malicious activity
Analysis date: August 13, 2019, 13:27:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

351210624E031769DC959E5193A30220

SHA1:

FA05903B8FAF923C677002C66A214465ECB1D637

SHA256:

3022096F5E738EC7E599E93001CB81564825801A3F5608111120A9B99A1F20B3

SSDEEP:

3:N1KJS4BG8LloJNn:Cc4BNqb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 1640)
    • Starts Microsoft Office Application

      • iexplore.exe (PID: 2632)
      • WINWORD.EXE (PID: 3024)
    • Application launched itself

      • WINWORD.EXE (PID: 3024)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2168)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2632)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3076)
    • Creates files in the user directory

      • iexplore.exe (PID: 2632)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 1640)
      • iexplore.exe (PID: 3076)
      • WINWORD.EXE (PID: 3024)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3076)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 3024)
      • WINWORD.EXE (PID: 1104)
    • Manual execution by user

      • chrome.exe (PID: 2168)
    • Application launched itself

      • chrome.exe (PID: 2168)
    • Changes settings of System certificates

      • chrome.exe (PID: 2740)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2740)
    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 2740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
105
Monitored processes
67
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs winword.exe no specs winword.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2632"C:\Program Files\Internet Explorer\iexplore.exe" "http://www.dexform.com/download/boscard-template"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3076"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2632 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
3221225547
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1640C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3024"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YWYM7KDH\Boscard_template[1].doc"C:\Program Files\Microsoft Office\Office14\WINWORD.EXEiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
1104"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /EmbeddingC:\Program Files\Microsoft Office\Office14\WINWORD.EXEWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
2168"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2576"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c59a9d0,0x6c59a9e0,0x6c59a9ecC:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3460"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3416 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
3956"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,201620715741269248,5800790552721462236,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=623018633029377106 --mojo-platform-channel-handle=1044 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2740"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1036,201620715741269248,5800790552721462236,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6993927235885524777 --mojo-platform-channel-handle=1616 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
3 689
Read events
3 081
Write events
586
Delete events
22

Modification events

(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{1DC13FEF-BDCE-11E9-9885-5254004A04AF}
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307080002000D000D001B0026009C01
Executable files
0
Suspicious files
293
Text files
303
Unknown types
28

Dropped files

PID
Process
Filename
Type
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XP15E80J\boscard-template[1].txt
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3076iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txttext
MD5:1A138064DCFB5B3CB7CCCE99E3BF312D
SHA256:4A2737BC0DE7F78090E91261799BE48156C8FCEE89C0D213831E4E6F2F5A694A
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:8D348D493822FBEE929287C68EBC7E18
SHA256:2AC953E8699191532F1DE3F1A0C4D78998E5AF1772C351E5FE03588655047450
3076iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.datdat
MD5:EF860AF080215DC63177CD3AD1A7AD94
SHA256:1DCCD543F5FE99FB55124567BC732E828CED8B1FE581EEAFA0EB57DCA56CD422
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:FB91FF1BD7C0A7BEB1D841453328159E
SHA256:6647AE6C910899A2A6A5A87A8560D83734DD164DAA35EAA92CA55F8EF96DC34E
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XP15E80J\site[1].csstext
MD5:4662D23E98698C7C8989A1FF49B465D9
SHA256:18C78DE5D10E9FE07A095A7C793E96085CB6038E3AED2CE2ADEAB055BF205800
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YWYM7KDH\custom[1].csstext
MD5:FC28073B0CE790A3ADD339D922CDC776
SHA256:E9E53BF06EE7DEAD744533F94CEF57BD7A6CA18C99BA61B5594911ACCBCF6D17
3076iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YWYM7KDH\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
78
TCP/UDP connections
223
DNS requests
153
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3076
iexplore.exe
GET
200
104.28.4.241:80
http://www.dexform.com/download/boscard-template
US
html
5.48 Kb
shared
3076
iexplore.exe
GET
200
172.217.16.174:80
http://www.google-analytics.com/analytics.js
US
text
17.3 Kb
whitelisted
3076
iexplore.exe
GET
200
104.28.4.241:80
http://static.dexform.com/static/general/dexform/images/tokcha-banner2.jpg
US
image
43.2 Kb
suspicious
3076
iexplore.exe
GET
200
104.28.4.241:80
http://static.dexform.com/static/general/dexform/images/logo.png
US
image
4.67 Kb
suspicious
3076
iexplore.exe
GET
200
104.28.4.241:80
http://static.dexform.com/static/general/dexform/css/site.css
US
text
21.8 Kb
suspicious
2632
iexplore.exe
GET
200
104.28.4.241:80
http://www.dexform.com/favicon.ico
US
image
238 b
shared
3076
iexplore.exe
GET
200
104.28.4.241:80
http://static.dexform.com/static//general/dexform/css/html.css
US
text
715 b
suspicious
3076
iexplore.exe
GET
200
104.28.4.241:80
http://www.dexform.com/download/boscard-template/document-download
US
html
3.16 Kb
shared
3076
iexplore.exe
GET
200
104.28.4.241:80
http://www.dexform.com/captcha/image/3dcf539319df437defddc2cffa4fe7e460a5121f/
US
image
5.28 Kb
shared
3076
iexplore.exe
GET
200
172.217.23.170:80
http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&lang=en
US
text
167 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3076
iexplore.exe
172.217.18.98:80
pagead2.googlesyndication.com
Google Inc.
US
whitelisted
3076
iexplore.exe
216.58.205.234:443
ajax.googleapis.com
Google Inc.
US
whitelisted
2632
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3076
iexplore.exe
172.217.16.174:80
www.google-analytics.com
Google Inc.
US
whitelisted
3076
iexplore.exe
172.217.23.170:80
fonts.googleapis.com
Google Inc.
US
whitelisted
2740
chrome.exe
172.217.21.205:443
accounts.google.com
Google Inc.
US
whitelisted
3076
iexplore.exe
104.28.4.241:80
www.dexform.com
Cloudflare Inc
US
shared
3076
iexplore.exe
23.111.8.154:80
oss.maxcdn.com
netDNA
US
unknown
2740
chrome.exe
172.217.16.195:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3076
iexplore.exe
216.58.207.67:80
fonts.gstatic.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.dexform.com
  • 104.28.4.241
  • 104.28.5.241
unknown
static.dexform.com
  • 104.28.4.241
  • 104.28.5.241
suspicious
maxcdn.bootstrapcdn.com
  • 209.197.3.15
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
fonts.googleapis.com
  • 172.217.23.170
  • 172.217.16.138
whitelisted
fonts.gstatic.com
  • 216.58.207.67
  • 172.217.23.131
  • 172.217.22.67
whitelisted
oss.maxcdn.com
  • 23.111.8.154
whitelisted
pagead2.googlesyndication.com
  • 172.217.18.98
  • 216.58.206.2
whitelisted
ajax.googleapis.com
  • 216.58.205.234
  • 172.217.21.234
  • 172.217.22.10
  • 172.217.18.10
  • 172.217.18.170
  • 172.217.23.138
  • 216.58.206.10
  • 216.58.207.74
  • 172.217.16.170
  • 216.58.208.42
  • 172.217.16.138
  • 172.217.22.42
  • 172.217.22.74
  • 172.217.22.106
  • 216.58.210.10
  • 172.217.18.106
  • 172.217.23.170
  • 172.217.21.202
  • 216.58.207.42
whitelisted
www.google-analytics.com
  • 172.217.16.174
  • 216.58.210.14
whitelisted

Threats

No threats detected
No debug info