Malware analysis livesport24.watch Malicious activity

Add for printing

URL:	livesport24.watch
Full analysis:	https://app.any.run/tasks/6d2f61aa-0aa8-4931-8bfa-a0a2a9072225
Verdict:	Malicious activity
Analysis date:	October 28, 2025, 00:20:58
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	obfuscated-js phishing
Indicators:
MD5:	0D5E6444DB5099A77BA24A1AD0DB1DD8
SHA1:	DBB3F2F53BFE0FCF12CD52CFC9FCFE0CE85844A2
SHA256:	46F88C86698BB36F7255066E42DA91FD546150C6A7ED4E786ECAF69984D932B5
SSDEEP:	3:QA5rYn:QA5rY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
- PHISHING has been detected (SURICATA)
  - msedge.exe (PID: 6612)
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

165

Monitored processes

1

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
6612	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2268,i,4483529040041015744,4079588458005810556,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

37

Text files

4

Unknown types

2

Dropped files

PID	Process	Filename		Type
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8		compressed
		MD5:C5083666690967D4B636CC9BD0D538A5	SHA256:24C6F058CAC386E8819C1136B11B8C1791E2F5333F7535F43B2D3A89495C7084
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9		compressed
		MD5:12F472CAE79283462298F172CB76AAD8	SHA256:51CD1B4B5F9F4473458EC1AA7313C3B9FDF015E0F0B880EFDA81B05435949350
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba		binary
		MD5:2B7F3810D726008AD4042F3A515FE063	SHA256:42A1BD03FE38C53C29B6E5CE0B817F125CAD09AFD1C25D5D84DB9696AE440816
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		compressed
		MD5:6C29F507200D593E789879F0DC646DE7	SHA256:0106CF4FA555D97FE25BA8CDFCDF66926AA37E0C39FA7A10F7F8A22F41681F29
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		image
		MD5:AC7A94F80E5CCC82273BEC87042FD1C1	SHA256:534525FF88B5145D6267834D38F634538C3FED10B9603AEFC7279B9501160F81
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf		image
		MD5:6736618FB120EE3BFA83AABFA8A609A1	SHA256:E2B806A61E1436089C586914404384F143ACC7CCFE491E35D0B26E531970C1DE
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1		binary
		MD5:C971847BE1CD6C17ABCA74025B4F36AE	SHA256:155963E3FB06F13011705C65BC52ED31F9989B87309C945948A76B35F8E7DA67
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4		compressed
		MD5:1DB25D18A0411135EBBF73996C26787D	SHA256:2A8D2722E8670ED4D39E5DF7FC83F9A2092F1925443FDE8A94C494D8E7C12EDA
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3		compressed
		MD5:D71CB11BFE1CD81855EAF8EAB9617EF4	SHA256:B2BCAD68891482FE723E5FEFA0F145B7B48332B3BE1FFA533C1DAFC88D9838B0
6612	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		compressed
		MD5:455CC6C3D25E197D9647DD42676644C8	SHA256:D497D6BC810ED94B71D2E001768C9FC043AA8CA888864B44CE143B695CE01599

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

438

TCP/UDP connections

219

DNS requests

237

Threats

27

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
7232	RUXIMICS.exe	GET	200	95.101.78.72:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
6316	svchost.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	172.67.204.113:443	https://livesport24.watch/	unknown	html	78.5 Kb	—
—	—	GET	200	2.16.204.141:443	https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json	unknown	binary	656 Kb	—
—	—	POST	200	150.171.27.11:443	https://edge.microsoft.com/componentupdater/api/v1/update	unknown	text	1.57 Kb	—
6612	msedge.exe	GET	403	185.160.60.100:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/550117a4-8c0f-4d0d-8ff8-7c3caccb0e8a?P1=1757972498&P2=404&P3=2&P4=SosfgGvPP%2bqG%2fKPFOnStRp0ebgR4wibSifLIFAVozbIX%2fohzlu3OKFqIl2l0qzX%2bohjhEGOVS0QtuGPmE2Wd%2bQ%3d%3d	unknown	—	—	whitelisted
—	—	GET	200	142.250.186.72:443	https://www.googletagmanager.com/gtag/js?id=UA-19803765-1	unknown	binary	282 Kb	—
—	—	GET	200	142.250.184.196:443	https://derideskid.com/c5/77/68/c577687513733bdd03c7124f62186f8c.js	unknown	binary	104 Kb	—
5336	MoUsoCoreWorker.exe	GET	200	95.101.78.72:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
7548	svchost.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3720	msedge.exe	224.0.0.251:5353	—	—	—	whitelisted
6612	msedge.exe	185.160.60.100:80	msedge.b.tlu.dl.delivery.mp.microsoft.com	VELTON.TELECOM Ltd	UA	whitelisted
6316	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
7232	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
5336	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
7548	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6612	msedge.exe	184.86.251.27:443	www.bing.com	Akamai International B.V.	DE	whitelisted
6612	msedge.exe	172.67.204.113:443	livesport24.watch	CLOUDFLARENET	US	unknown
6612	msedge.exe	172.67.204.113:80	livesport24.watch	CLOUDFLARENET	US	unknown
6612	msedge.exe	150.171.27.11:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

DNS requests

Domain	IP	Reputation
msedge.b.tlu.dl.delivery.mp.microsoft.com	185.160.60.100 199.232.214.172 199.232.210.172	whitelisted
settings-win.data.microsoft.com	51.124.78.146 4.231.128.59	whitelisted
google.com	172.217.23.110	whitelisted
www.bing.com	184.86.251.27 184.86.251.22 2.16.241.201 2.16.241.218 2.19.122.58 2.19.122.46 2.19.122.26 2.19.122.31 2.19.122.50 2.19.122.65 2.19.122.22 2.19.122.59 2.19.122.25 2.16.204.161 2.16.204.141	whitelisted
livesport24.watch	172.67.204.113 104.21.85.100	unknown
edge.microsoft.com	150.171.27.11 150.171.28.11	whitelisted
www.googletagmanager.com	142.250.186.72	whitelisted
derideskid.com	172.240.108.68 172.240.253.132 172.240.108.84 172.240.127.243 172.240.127.234 172.240.108.76 172.240.127.242 172.240.127.244	unknown
fs.microsoft.com	23.212.222.21	whitelisted
crl.microsoft.com	95.101.78.72 95.101.78.98	whitelisted

Threats

PID	Process	Class	Message
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
—	—	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6612	msedge.exe	Misc activity	INFO [ANY.RUN] .cc TLD domain request
6612	msedge.exe	Potentially Bad Traffic	SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (wayfarerorthodox .com)
—	—	Misc activity	SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Global content delivery network (unpkg .com)
6612	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)

Add for printing

No debug info

General Info

livesport24.watch

0D5E6444DB5099A77BA24A1AD0DB1DD8

DBB3F2F53BFE0FCF12CD52CFC9FCFE0CE85844A2

46F88C86698BB36F7255066E42DA91FD546150C6A7ED4E786ECAF69984D932B5

3:QA5rYn:QA5rY

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

PHISHING has been detected (SURICATA)

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings