URL: https://garagesalefinder.com/

Full analysis: https://app.any.run/tasks/027d5dc6-40ee-465c-814c-1337a5af2e0c
Verdict: Malicious activity
Analysis date: May 10, 2025, 04:44:23
OS: Windows 10 Professional (build: 19044, 64 bit)
MD5: 77F7496766A44940DF92934966456030
SHA1: 4ADE0498FA9B5EBB39B71AEA30FACEC66BC28472
SHA256: 5E3E3903F66E2B830AA9786FD61110354ABD99FF0EB4768ECA6A246B65BFCA8E
SSDEEP: 3:N8lfgAe2XyG:2+Ae2Xt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
No Malware configuration.
No data.
Total processes: 193
Monitored processes: 0
Malicious processes: 0
Suspicious processes: 0

Process information

No data
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 493
TCP/UDP connections: 489
DNS requests: 487
Threats: 22

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 52.24.29.3:443 | https://garagesalefinder.com/ | unknown | html | 16.7 Kb | whitelisted
- | - | GET | 200 | 216.58.212.138:443 | https://fonts.googleapis.com/css?family=Manrope:400,500,700&display=swap | unknown | text | 6.28 Kb | whitelisted
- | - | GET | 200 | 92.123.104.21:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | binary | 654 Kb | whitelisted
- | - | POST | 200 | 20.190.159.2:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
- | - | GET | 200 | 52.24.29.3:443 | https://gsf.tlstatic.com/3712881466/css/bbe3ff7911cc37df8c8003b53ca68025.css | unknown | text | 205 Kb | -
- | - | GET | 200 | 52.24.29.3:443 | https://gsf.tlstatic.com/3712881466/images/tl-logo-color.svg | unknown | image | 11.9 Kb | -
- | - | GET | 200 | 52.40.212.154:443 | https://gsf.tlstatic.com/3712881466/images/gsf-logo-wide.svg | unknown | image | 23.2 Kb | -
- | - | POST | 403 | 23.35.229.160:443 | https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409 | unknown | html | 386 b | whitelisted
- | - | GET | 200 | 52.24.29.3:443 | https://gsf.tlstatic.com/3712881466/js/325bdcdf44805a8371dbffc568349278.js | unknown | binary | 32.8 Kb | -
- | - | GET | 200 | 52.40.212.154:443 | https://gsf.tlstatic.com/3712881466/js/aeb00246599be0fcf3d04db4daa15db0.js | unknown | binary | 13.2 Kb | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1396 | msedge.exe | 52.40.212.154:443 | garagesalefinder.com | AMAZON-02 | US | whitelisted
4940 | svchost.exe | 40.126.32.140:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1396 | msedge.exe | 142.250.185.170:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
1396 | msedge.exe | 104.18.20.206:443 | a.pub.network | - | - | whitelisted
1396 | msedge.exe | 2.23.227.215:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted
1396 | msedge.exe | 142.250.185.195:443 | fonts.gstatic.com | GOOGLE | US | whitelisted
1396 | msedge.exe | 52.24.29.3:443 | garagesalefinder.com | AMAZON-02 | US | whitelisted
- | - | 104.18.20.206:443 | a.pub.network | CLOUDFLARENET | - | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 20.73.194.208 | whitelisted
google.com | 142.250.185.142 | whitelisted
garagesalefinder.com | 52.40.212.154, 52.24.29.3 | whitelisted
login.live.com | 40.126.32.140, 20.190.160.22, 40.126.32.76, 20.190.160.132, 20.190.160.4, 20.190.160.20, 20.190.160.128, 40.126.32.68 | whitelisted
fonts.googleapis.com | 142.250.185.170 | whitelisted
www.bing.com | 2.23.227.215, 2.23.227.208, 2.16.241.201, 2.16.241.218 | whitelisted
fonts.gstatic.com | 142.250.185.195 | whitelisted
a.pub.network | 104.18.20.206, 104.18.21.206 | whitelisted
gsf.tlstatic.com | 52.24.29.3, 52.40.212.154 | unknown
crl.microsoft.com | 2.19.11.105, 2.19.11.120, 2.19.117.18, 2.19.117.22 | whitelisted

Threats

PID | Process | Class | Message
- | - | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
- | - | Potentially Bad Traffic | ET INFO Referrer-Policy set to unsafe-url
- | - | Potentially Bad Traffic | ET INFO Referrer-Policy set to unsafe-url
- | - | Potentially Bad Traffic | ET INFO Referrer-Policy set to unsafe-url
No debug info