File name: linkopen.ps1

Full analysis: https://app.any.run/tasks/2fd7608c-8213-4900-ac33-b6546aa2da6b
Verdict: Malicious activity
Analysis date: January 24, 2022, 15:55:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with CRLF line terminators
MD5: E76570D2CE4D41188A5B93911008C050
SHA1: D5EB186398E31B6334D86238C3E2A713CBF5425E
SHA256: 3EB11EA0713393383402AA12365E2A03AB4B219BF6649E4E676683C883CCC745
SSDEEP: 6:yoI5Phn23fLTuOmuLFnAdcP/a2VJjjAgG:yoY2DqOmuLV4cqyRjZG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the date of Windows installation

      • powershell.exe (PID: 2200)
      • powershell.exe (PID: 1888)
    • Creates files in the user directory

      • powershell.exe (PID: 2200)
      • powershell.exe (PID: 1888)
    • Checks supported languages

      • powershell_ise.exe (PID: 2284)
      • powershell.exe (PID: 2200)
      • powershell.exe (PID: 1888)
    • Reads the computer name

      • powershell.exe (PID: 2200)
      • powershell_ise.exe (PID: 2284)
      • powershell.exe (PID: 1888)
    • PowerShell script executed

      • powershell.exe (PID: 2200)
      • powershell.exe (PID: 1888)
    • Executed via COM

      • iexplore.exe (PID: 3100)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2376)
      • iexplore.exe (PID: 2424)
      • iexplore.exe (PID: 2492)
  • INFO

    • Reads the computer name

      • explorer.exe (PID: 1004)
      • WISPTIS.EXE (PID: 2144)
      • notepad.exe (PID: 2320)
      • iexplore.exe (PID: 3100)
      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2376)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 2424)
    • Checks supported languages

      • explorer.exe (PID: 1004)
      • WISPTIS.EXE (PID: 2144)
      • notepad.exe (PID: 2320)
      • iexplore.exe (PID: 3100)
      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 2376)
      • iexplore.exe (PID: 2424)
    • Manual execution by user

      • explorer.exe (PID: 1004)
      • powershell_ise.exe (PID: 2284)
      • notepad.exe (PID: 2320)
      • powershell.exe (PID: 1888)
    • Checks Windows Trust Settings

      • powershell.exe (PID: 2200)
      • powershell_ise.exe (PID: 2284)
      • powershell.exe (PID: 1888)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 3100)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 2424)
      • iexplore.exe (PID: 2376)
    • Reads settings of System Certificates

      • powershell_ise.exe (PID: 2284)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 3100)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2424)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 2376)
    • Changes internet zones settings

      • iexplore.exe (PID: 3100)
    • Application launched itself

      • iexplore.exe (PID: 3100)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3980)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 444)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 2376)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 2424)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3100)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3100)
    • Creates files in the user directory

      • iexplore.exe (PID: 1312)
      • iexplore.exe (PID: 1232)
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 2896)
      • iexplore.exe (PID: 2600)
      • iexplore.exe (PID: 2492)
      • iexplore.exe (PID: 3948)
      • iexplore.exe (PID: 2424)
      • iexplore.exe (PID: 3100)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 1232)
No Malware configuration.
No data.
Total processes: 61
Monitored processes: 19
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Graph nodes, in order from the start node: powershell.exe (no specs), explorer.exe (no specs), powershell_ise.exe (no specs), wisptis.exe (no specs), wisptis.exe, notepad.exe (no specs), powershell.exe (no specs), iexplore.exe (12 instances)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2200
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" "C:\Users\admin\AppData\Local\Temp\linkopen.ps1"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\atl.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll

PID: 1004
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 2284
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\admin\AppData\Local\Temp\linkopen.ps1"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell ISE
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3656
CMD: "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
Path: C:\Windows\SYSTEM32\WISPTIS.EXE
Parent process: powershell_ise.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Pen and Touch Input Component
Exit code: 3221226540
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wisptis.exe
c:\windows\system32\ntdll.dll

PID: 2144
CMD: "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
Path: C:\Windows\SYSTEM32\WISPTIS.EXE
Parent process: powershell_ise.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Pen and Touch Input Component
Exit code: 24
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wisptis.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

PID: 2320
CMD: "C:\Windows\system32\notepad.exe"
Path: C:\Windows\system32\notepad.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1888
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" "C:\Users\admin\AppData\Local\Temp\linkopen.ps1"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll

PID: 3100
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3980
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3100 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 1312
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3100 CREDAT:3937546 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

Total events: 106 886
Read events: 105 619
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 51
Text files: 147
Unknown types: 38

Dropped files

PID: 2320
Process: notepad.exe
Filename: C:\Users\admin\AppData\Local\Temp\urls.txt
Type: text
MD5: 1ECD8CA3F9B5BDF2C591814FDFFA1AB0
SHA256: C340252D840EEE2FD684EF2E2C9C333323DB1127E25B9CA4FE508296F7BC6527

PID: 1888
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1348d4.TMP
Type: binary
MD5: 4073CAF812E4177CDB31D67565569AC3
SHA256: B8DA5247386DFB5CB8242B9E02D47A28F1BB5212BC39843C415F439108728074

PID: 2284
Process: powershell_ise.exe
Filename: C:\Users\admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\4doauuka.newcfg
Type: xml
MD5: 8FF308361167C670D2C17F4958C7F152
SHA256: A6B0DF6E3B2EF88AD8F6A0B923C9E1C968F05116EB914FD4194E19BCA82259C6

PID: 1888
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GDR740HGAE14R5MNO30L.temp
Type: binary
MD5: 4073CAF812E4177CDB31D67565569AC3
SHA256: B8DA5247386DFB5CB8242B9E02D47A28F1BB5212BC39843C415F439108728074

PID: 2200
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 4073CAF812E4177CDB31D67565569AC3
SHA256: B8DA5247386DFB5CB8242B9E02D47A28F1BB5212BC39843C415F439108728074

PID: 2200
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UPGHTF20LVD5KE8ZJDWX.temp
Type: binary
MD5: 4073CAF812E4177CDB31D67565569AC3
SHA256: B8DA5247386DFB5CB8242B9E02D47A28F1BB5212BC39843C415F439108728074

PID: 1888
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Type: binary
MD5: 4073CAF812E4177CDB31D67565569AC3
SHA256: B8DA5247386DFB5CB8242B9E02D47A28F1BB5212BC39843C415F439108728074

PID: 2284
Process: powershell_ise.exe
Filename: C:\Users\admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\user.config
Type: xml
MD5: 8FF308361167C670D2C17F4958C7F152
SHA256: A6B0DF6E3B2EF88AD8F6A0B923C9E1C968F05116EB914FD4194E19BCA82259C6

PID: 2200
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF112e21.TMP
Type: binary
MD5: CCFCF369F751CE8DA0370D84E52A7EED
SHA256: 53922490C3F5A04667EC3605A01AF2A4F4F265782D1BCA519F63ACAD413F2ED9

PID: 2284
Process: powershell_ise.exe
Filename: C:\Users\admin\AppData\Local\Temp\mnovv5kl.daj.psm1
Type: binary
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B

HTTP(S) requests: 55
TCP/UDP connections: 247
DNS requests: 60
Threats: 0

HTTP requests

PID: 2896
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 23.45.103.152:80
URL: http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDA7pTMMAAAAAUdN3hQ%3D%3D
CN: NL
Type: der
Size: 1.55 Kb
Reputation: whitelisted

PID: 1232
Process: iexplore.exe
Method: GET
HTTP Code: 304
IP: 108.156.253.131:80
URL: http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA7zckiTobF32DYPEen3xMk%3D
CN: US
Reputation: whitelisted

PID: 1312
Process: iexplore.exe
Method: GET
HTTP Code: 302
IP: 44.239.215.242:80
URL: http://scysvr03.r.us-west-2.awstrack.me/L0/http:%2F%2Fwww.luckybeanmi.com/1/0101017e82be37d6-767ae297-1172-4715-9f67-a576472bcf4a-000000/9IFohPuojNNETBzikJhuc4qkPUw=255
CN: US
Reputation: unknown

PID: 3980
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 23.45.103.152:80
URL: http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDA7pTMMAAAAAUdN3hQ%3D%3D
CN: NL
Type: der
Size: 1.55 Kb
Reputation: whitelisted

PID: 3980
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 44.239.215.242:80
URL: http://scysvr03.r.us-west-2.awstrack.me/I0/0101017e82be37d6-767ae297-1172-4715-9f67-a576472bcf4a-000000/HtWr39GbOR02BkYVmQtOSu4xyos=255
CN: US
Type: image
Size: 43 b
Reputation: unknown

PID: 2600
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 23.45.103.152:80
URL: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CEEmuXEkUe%2BmNeEGlr9E1UFw%3D
CN: NL
Type: der
Size: 1.55 Kb
Reputation: whitelisted

PID: 2600
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 23.45.103.152:80
URL: http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBQsSqZpWQuWOxHU9pAda%2B7Lf6V20AQUaJDkZ6SmU4DHhmak8fdLQ%2FuEvW0CBFHTQEQ%3D
CN: NL
Type: der
Size: 1.53 Kb
Reputation: whitelisted

PID: 2896
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 143.204.101.74:80
URL: http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
CN: US
Type: der
Size: 1.51 Kb
Reputation: whitelisted

PID: 2896
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 143.204.101.99:80
URL: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
CN: US
Type: der
Size: 1.70 Kb
Reputation: whitelisted

PID: 1232
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 143.204.101.99:80
URL: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
CN: US
Type: der
Size: 1.70 Kb
Reputation: whitelisted

Connections

PID: 2896
Process: iexplore.exe
IP: 151.101.1.49:443
Domain: images-production-s.squarecdn.com
ASN: Fastly
CN: US
Reputation: suspicious

PID: 3980
Process: iexplore.exe
IP: 151.101.1.49:443
Domain: images-production-s.squarecdn.com
ASN: Fastly
CN: US
Reputation: suspicious

PID: 444
Process: iexplore.exe
IP: 151.101.1.49:443
Domain: images-production-s.squarecdn.com
ASN: Fastly
CN: US
Reputation: suspicious

PID: 3100
Process: iexplore.exe
IP: 44.239.215.242:80
Domain: scysvr03.r.us-west-2.awstrack.me
ASN: University of California, San Diego
CN: US
Reputation: unknown

PID: 1312
Process: iexplore.exe
IP: 44.239.215.242:80
Domain: scysvr03.r.us-west-2.awstrack.me
ASN: University of California, San Diego
CN: US
Reputation: unknown

PID: 2896
Process: iexplore.exe
IP: 23.45.103.152:80
Domain: ocsp.entrust.net
ASN: Akamai International B.V.
CN: NL
Reputation: suspicious

PID: 3980
Process: iexplore.exe
IP: 44.239.215.242:80
Domain: scysvr03.r.us-west-2.awstrack.me
ASN: University of California, San Diego
CN: US
Reputation: unknown

PID: 2896
Process: iexplore.exe
IP: 67.27.233.126:80
Domain: ctldl.windowsupdate.com
ASN: Level 3 Communications, Inc.
CN: US
Reputation: suspicious

PID: 444
Process: iexplore.exe
IP: 67.27.233.126:80
Domain: ctldl.windowsupdate.com
ASN: Level 3 Communications, Inc.
CN: US
Reputation: suspicious

PID: 3980
Process: iexplore.exe
IP: 23.45.103.152:80
Domain: ocsp.entrust.net
ASN: Akamai International B.V.
CN: NL
Reputation: suspicious

DNS requests

Domain
IP
Reputation
scysvr03.r.us-west-2.awstrack.me
  • 44.239.215.242
  • 35.165.95.128
  • 54.148.97.172
unknown
images-production-s.squarecdn.com
  • 151.101.1.49
  • 151.101.65.49
  • 151.101.129.49
  • 151.101.193.49
suspicious
ctldl.windowsupdate.com
  • 67.27.233.126
  • 8.253.95.120
  • 67.26.81.254
  • 8.248.115.254
  • 67.27.158.126
whitelisted
ocsp.entrust.net
  • 23.45.103.152
whitelisted
profile.squareup.com
  • 74.122.189.141
  • 74.122.190.77
unknown
www.luckybeanmi.com
  • 199.34.228.191
malicious
buyerportal-fe-production-f.squarecdn.com
  • 151.101.1.49
  • 151.101.65.49
  • 151.101.129.49
  • 151.101.193.49
suspicious
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
  • 131.253.33.200
  • 13.107.22.200
whitelisted
api.bing.com
  • 13.107.13.80
whitelisted
o.ss2.us
  • 143.204.101.99
  • 143.204.101.195
  • 143.204.101.177
  • 143.204.101.123
whitelisted

Threats

No threats detected
No debug info