URL: https://ippure.com

Full analysis: https://app.any.run/tasks/8915ee49-6191-4e67-a8bf-de73ce5321b3
Verdict: Malicious activity
Analysis date: April 30, 2026, 15:09:43
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing
Indicators:
MD5: 4B771A58BD1B937AAE45C734E8EAC7AC
SHA1: D096930021A9061ADCB5CAF873D9B43E25912BBC
SHA256: 49FDA5AD59D72C8BE3193D8503C49E93E53F92D97EA545DE9C2E3AF4C4CD7CDD
SSDEEP: 3:N8DXA2:2Dx

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 144
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 8
Text files: 16
Unknown types: 0

Dropped files

HTTP(S) requests: 118
TCP/UDP connections: 150
DNS requests: 76
Threats: 21

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 7916 | RUXIMICS.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | | | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted |
| | | GET | 200 | 104.21.79.4:443 | https://ippure.com/ | US | html | 25.9 Kb | unknown |
| 7028 | msedge.exe | GET | 200 | 104.21.79.4:443 | https://ippure.com/assets/style.BP0Mf_z8.css | US | text | 1.31 Mb | unknown |
| 7028 | msedge.exe | GET | 200 | 104.21.79.4:443 | https://ippure.com/assets/chunks/theme.BptVclww.js | US | text | 74.1 Kb | unknown |
| 7028 | msedge.exe | GET | 200 | 92.123.104.7:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
| 7028 | msedge.exe | GET | 200 | 104.21.79.4:443 | https://ippure.com/assets/chunks/framework.BlU6UeT_.js | US | text | 107 Kb | unknown |
| 7028 | msedge.exe | GET | 200 | 104.21.79.4:443 | https://ippure.com/assets/chunks/IPDataTable.l2wAzE9Z.js | US | text | 47.7 Kb | unknown |
| 5336 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7028 | msedge.exe | GET | 200 | 104.21.79.4:443 | https://ippure.com/assets/chunks/security.D_hK1zoa.js | US | text | 4.38 Kb | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 7916 | RUXIMICS.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5240 | svchost.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7028 | msedge.exe | 224.0.0.251:5353 | | | | whitelisted |
| 7028 | msedge.exe | 92.123.104.54:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
| 7028 | msedge.exe | 172.67.139.58:443 | ippure.com | CLOUDFLARENET | US | whitelisted |
| 5240 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7916 | RUXIMICS.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5240 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| google.com | 142.251.127.100, 142.251.127.102, 142.251.127.138, 142.251.127.139, 142.251.127.113, 142.251.127.101 | whitelisted |
| www.bing.com | 92.123.104.54, 92.123.104.61, 92.123.104.63, 92.123.104.62, 92.123.104.51, 92.123.104.59, 92.123.104.58, 92.123.104.50, 92.123.104.56 | whitelisted |
| ippure.com | 172.67.139.58, 104.21.79.4 | whitelisted |
| crl.microsoft.com | 2.16.164.49, 2.16.164.120 | whitelisted |
| www.microsoft.com | 23.52.181.212 | whitelisted |
| static.cloudflareinsights.com | 104.16.79.73, 104.16.80.73 | whitelisted |
| settings-win.data.microsoft.com | 51.104.136.2 | whitelisted |
| fs.microsoft.com | 23.197.142.186 | whitelisted |
| xpaywalletcdn.azureedge.net | 150.171.109.194 | whitelisted |
| a.nel.cloudflare.com | 35.190.80.1 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 5240 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) |
| 7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) |
| 7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO Observed External IP Lookup Domain (icanhazip .com in TLS SNI) |
| | | Attempted Information Leak | ET INFO IP Check Domain (icanhazip. com in HTTP Host) |
| | | Attempted Information Leak | ET INFO IP Check Domain (icanhazip. com in HTTP Host) |
| 7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) |
| 7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) |
No debug info