URL:

https://linkprotect.cudasvc.com/url?a=https://readdy.site/share/fa6bed4247e18c8f5faf503adb0df353&c=E,1,IIiic01Z_xqU1nJsiK9sH5V6RFEEvXvRap9mvU1U4e6esq_w7bJS5tvXmPL_3H-gsInFNLQ_97l51iJeaT3D6VgwY5KYrPNCo3VABgHeTaKENrDEHtTt&typo=1

Full analysis: https://app.any.run/tasks/227e563f-f5eb-45d6-8abb-a279b6117104
Verdict: Malicious activity
Analysis date: April 15, 2025, 17:47:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
storm1747
tycoon
MD5:

67D05369D6D67CFC34C524A67DE530FD

SHA1:

E8C9E9C6B8B5BAF503212AAE1218D3F3161D8F9F

SHA256:

7C4F67EE9003D19224717118E2E45F7659C39676F421498E4BCD78A63BE8D88F

SSDEEP:

6:2MBtsYC0Nhyk3WqU5v6Qr38ipgu60W+4Vuf5:2M5Sqnogu6v+4W

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
155
Monitored processes
0
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details

Process information

No data
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
108
TCP/UDP connections
111
DNS requests
112
Threats
19

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
108.138.26.27:443
https://static.readdy.ai/static/share.js
unknown
POST
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
whitelisted
POST
403
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
POST
403
23.35.229.160:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
GET
302
3.76.92.228:443
https://linkprotect.cudasvc.com/url?a=https://readdy.site/share/fa6bed4247e18c8f5faf503adb0df353&c=E,1,IIiic01Z_xqU1nJsiK9sH5V6RFEEvXvRap9mvU1U4e6esq_w7bJS5tvXmPL_3H-gsInFNLQ_97l51iJeaT3D6VgwY5KYrPNCo3VABgHeTaKENrDEHtTt&typo=1
unknown
html
138 b
whitelisted
GET
200
18.244.18.77:443
https://readdy.site/share/fa6bed4247e18c8f5faf503adb0df353
unknown
html
9.43 Kb
GET
200
108.138.26.11:443
https://static.readdy.ai/static/e.js
unknown
binary
3.20 Kb
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.160.65:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.52.121.103:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
1104
svchost.exe
23.52.121.103:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
1396
msedge.exe
92.123.104.28:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1396
msedge.exe
18.192.180.120:443
linkprotect.cudasvc.com
AMAZON-02
DE
whitelisted
1396
msedge.exe
18.244.18.121:443
readdy.site
US
unknown
1396
msedge.exe
108.138.26.27:443
static.readdy.ai
AMAZON-02
US
unknown
172.217.16.195:443
fonts.gstatic.com
whitelisted
142.250.181.234:443
fonts.googleapis.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
login.live.com
  • 20.190.160.65
  • 20.190.160.4
  • 20.190.160.17
  • 20.190.160.132
  • 20.190.160.3
  • 40.126.32.136
  • 20.190.160.22
  • 20.190.160.128
whitelisted
go.microsoft.com
  • 23.52.121.103
whitelisted
google.com
  • 172.217.16.206
whitelisted
www.bing.com
  • 92.123.104.28
  • 92.123.104.35
  • 92.123.104.40
  • 92.123.104.32
  • 92.123.104.37
  • 92.123.104.29
  • 92.123.104.26
  • 92.123.104.38
  • 92.123.104.43
  • 92.123.104.22
  • 92.123.104.14
  • 92.123.104.23
  • 92.123.104.19
  • 92.123.104.21
  • 92.123.104.17
  • 92.123.104.31
  • 92.123.104.36
  • 92.123.104.42
  • 92.123.104.34
  • 92.123.104.33
  • 2.16.204.143
  • 2.16.204.137
  • 2.16.204.136
  • 2.16.204.157
  • 2.16.204.160
  • 2.16.204.138
  • 2.16.204.132
  • 2.16.204.135
  • 2.16.204.144
  • 92.123.104.18
  • 92.123.104.11
  • 92.123.104.12
  • 92.123.104.16
  • 92.123.104.8
  • 92.123.104.10
  • 92.123.104.9
whitelisted
linkprotect.cudasvc.com
  • 18.192.180.120
  • 3.76.92.228
whitelisted
readdy.site
  • 18.244.18.121
  • 18.244.18.62
  • 18.244.18.5
  • 18.244.18.77
unknown
static.readdy.ai
  • 108.138.26.27
  • 108.138.26.129
  • 108.138.26.33
  • 108.138.26.11
unknown
fonts.googleapis.com
  • 142.250.181.234
whitelisted
fonts.gstatic.com
  • 172.217.16.195
whitelisted

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP response header invalid
Generic Protocol Command Decode
SURICATA HTTP invalid response field folding
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (uishkfyv .ru)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (uishkfyv .ru)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://linkprotect.cudasvc.com/url?a=https://readdy.site/share/fa6bed4247e18c8f5faf503adb0df353&c=E,1,IIiic01Z_xqU1nJsiK9sH5V6RFEEvXvRap9mvU1U4e6esq_w7bJS5tvXmPL_3H-gsInFNLQ_97l51iJeaT3D6VgwY5KYrPNCo3VABgHeTaKENrDEHtTt&typo=1