URL:

https://url.us.m.mimecastprotect.com/s/r4RkCgJV9XHwgNL1zSNf4c41_i1?domain=factsplat.com

Full analysis: https://app.any.run/tasks/9339fbfd-10b7-4fdb-b1ab-53d2fd1816a6
Verdict: Malicious activity
Analysis date: April 15, 2025, 19:22:39
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
MD5:

080CFB81506CDC1CF293A9E64CD2CEC6

SHA1:

7D9C4B3CA78B9C8E6AFEA9AC2300927613735A86

SHA256:

F1F4EA71FE997B0E1E2992881B933531422B4D580E787745BD3401AE8FF6E9F1

SSDEEP:

3:N8UjmTSC8ugoPRQRqGMp:2Ujww2p

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
0
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details

Process information

No data
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
333
TCP/UDP connections
125
DNS requests
100
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3080
MoUsoCoreWorker.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3172
RUXIMICS.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
588
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3080
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3172
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
588
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
307
13.107.253.45:443
https://url.us.m.mimecastprotect.com/s/r4RkCgJV9XHwgNL1zSNf4c41_i1?domain=factsplat.com
unknown
POST
403
23.52.120.96:443
https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409
unknown
html
386 b
whitelisted
GET
200
104.26.4.174:443
https://factsplat.com/shared?token=z-5Fn0BgOARiJJjHDjL0OeKbdqbHqlhncvBlm1cE990
unknown
html
15.2 Kb
POST
200
40.126.31.67:443
https://login.live.com/RST2.srf
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3080
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
239.255.255.250:1900
whitelisted
588
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3172
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
20.190.160.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3172
RUXIMICS.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3080
MoUsoCoreWorker.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
588
svchost.exe
2.16.241.19:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1104
svchost.exe
2.19.106.8:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
3080
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.160.3
  • 20.190.160.128
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.20
  • 40.126.32.76
  • 20.190.160.4
  • 40.126.32.74
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
  • 23.48.23.147
  • 23.48.23.141
  • 23.48.23.138
  • 23.48.23.193
  • 23.48.23.145
  • 23.48.23.191
  • 23.48.23.190
  • 23.48.23.143
  • 23.48.23.194
whitelisted
go.microsoft.com
  • 2.19.106.8
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.52.120.96
whitelisted
url.us.m.mimecastprotect.com
  • 207.211.31.64
  • 205.139.111.113
  • 205.139.111.117
  • 207.211.31.106
  • 205.139.111.12
  • 207.211.31.113
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
factsplat.com
  • 104.26.4.174
  • 172.67.70.80
  • 104.26.5.174
unknown
www.bing.com
  • 2.16.241.218
  • 2.16.241.201
  • 2.16.241.205
  • 92.123.104.29
  • 92.123.104.33
  • 92.123.104.16
  • 92.123.104.37
  • 92.123.104.36
  • 92.123.104.13
  • 92.123.104.25
  • 92.123.104.23
  • 92.123.104.32
  • 2.16.241.222
  • 2.16.241.207
  • 2.19.96.91
  • 2.19.96.128
  • 2.19.96.129
  • 2.19.96.8
  • 2.19.96.16
  • 2.19.96.88
  • 2.19.96.120
  • 2.19.96.130
  • 2.19.96.90
whitelisted
v10.events.data.microsoft.com
  • 20.42.65.91
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://url.us.m.mimecastprotect.com/s/r4RkCgJV9XHwgNL1zSNf4c41_i1?domain=factsplat.com