IOC Report
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 54 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 55 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 56 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 57 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 58 | HTML document, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 59 | ASCII text, with very long lines (50758) | downloaded |
Chrome Cache Entry: 60 | ASCII text, with very long lines (7043), with no line terminators | downloaded |
Chrome Cache Entry: 61 | ASCII text, with very long lines (42565) | downloaded |
Chrome Cache Entry: 62 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 63 | PNG image data, 5 x 56, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 64 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 65 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 66 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 67 | PNG image data, 5 x 56, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 68 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 69 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 70 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 71 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 72 | ASCII text, with very long lines (32065) | downloaded |
Chrome Cache Entry: 73 | HTML document, ASCII text, with very long lines (4020) | downloaded |
Chrome Cache Entry: 74 | SVG Scalable Vector Graphics image | dropped |
12 further files are not shown in this extract.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1688,i,15979487103102753842,16946115535192250729,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com" |

URLs

Name | IP | Malicious
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com | | malicious
https://xdocusigniusmmxx.smumsmd.ws/ | | malicious
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com | 207.211.31.113 | malicious
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153# | | malicious
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | | malicious
https://xdocusigniusmmxx.smumsmd.ws | unknown | malicious
https://xdocusigniusmmxx.smumsmd.ws/favicon.ico | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/js/22e5b4c111b0108bba7ee46e2d40390f663a7802b65d0 | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 | 104.17.3.184 |
https://xdocusigniusmmxx.smumsmd.ws/boot/22e5b4c111b0108bba7ee46e2d40390f663a7802b65cf | 172.67.152.82 |
https://t.nypost.com/1/e/r?aqet=clk&r=7&ca=35203357&v0=noreply%40pnc.com&uu=65ea915e31188d84ac041994&ru=%68%74%74%70s%3a%2f%2fqubedigital.co.za%2fcgi | 18.164.96.98 |
https://qubedigital.co.za/cgi | 196.41.127.164 |
https://xdocusigniusmmxx.smumsmd.ws/jq/22e5b4c111b0108bba7ee46e2d40390f663a7802b65ca | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/ASSETS/img/sig-op.svg | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/1 | 172.67.152.82 |
https://qubedigital.co.za/cgi/ | 196.41.127.164 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/88036511fdd041ed/1715107819613/43dea44781d524fab0c0caf6bddfed41babc94905b20777db55e1a2e96faa7ef/86Q5eGi8X09geae | 104.17.3.184 |
https://getbootstrap.com/) | unknown |
https://a.nel.cloudflare.com/report/v4?s=YTywhChyeCuLWRV76hdE7urFstSWnKUGm8ZLOkGicO9JUm0HLGHBuFj%2FZxiGO8hYJfvhB50FrK2fqBksl%2FPiOZIlNBinAiAG5fjLg%2FY2rNsW6JtTGpwr5DK%2FdUFmFpypeLAgeBJJICuPwQphFpI%3D | 35.190.80.1 |
https://xdocusigniusmmxx.smumsmd.ws/o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e | 172.67.152.82 |
https://github.com/twbs/bootstrap/graphs/contributors) | unknown |
https://xdocusigniusmmxx.smumsmd.ws/ASSETS/img/m_.svg | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=88036502e961c3fd | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | |
https://a.nel.cloudflare.com/report/v4?s=4UFqObZ6wOKdxI6J7b0vAENM6N1gI6NO1XZlZVANMJJV84utxYbNeaIiGUO8cTkACYZVy6%2BZBX6oIjkxeR87jfNuJJC510BpUQg9HUV2L3Hc%2Fi8eft2yol0hchW4D%2FHDJjxufE9yiScNB0eCu4Q%3D | 35.190.80.1 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.17.3.184 |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://a.nel.cloudflare.com/report/v4?s=eXlla%2F4dDt1lYwMOWCDPEgeddxxrMADD4INPXashkyWxIOh%2FvXE9wFLPEfqY5M2XAQ87KMToSPvxi8zvWdjXwg3I3b3%2FvFDj7fRUP57GvFQhXeR53BpooB3dwOAtU3ugwoNl3jM4fRphZxMU0q0%3D | 35.190.80.1 |
https://xdocusigniusmmxx.smumsmd.ws/cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105 | 172.67.152.82 |
https://xdocusigniusmmxx.smumsmd.ws/APP-22e5b4c111b0108bba7ee46e2d40390f663a78044d157/22e5b4c111b0108bba7ee46e2d40390f663a78044d158 | 172.67.152.82 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS | 104.17.3.184 |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88036511fdd041ed | 104.17.3.184 |
22 further URLs are not shown in this extract.

Domains

Name | IP | Malicious
xdocusigniusmmxx.smumsmd.ws | 172.67.152.82 | malicious
t2.nypost.com | 18.164.96.98 |
qubedigital.co.za | 196.41.127.164 |
bg.microsoft.map.fastly.net | 199.232.210.172 |
a.nel.cloudflare.com | 35.190.80.1 |
url.us.m.mimecastprotect.com | 207.211.31.113 |
urldefense.com | 52.6.56.188 |
challenges.cloudflare.com | 104.17.2.184 |
www.google.com | 142.250.80.100 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
t.nypost.com | unknown |
urldefense.proofpoint.com | unknown |
2 further domains are not shown in this extract.

IPs

IP | Domain | Country | Malicious
172.67.152.82 | xdocusigniusmmxx.smumsmd.ws | United States | malicious
142.250.80.100 | www.google.com | United States |
192.168.2.17 | unknown | unknown |
192.168.2.7 | unknown | unknown |
207.211.31.113 | url.us.m.mimecastprotect.com | United States |
196.41.127.164 | qubedigital.co.za | South Africa |
104.17.3.184 | unknown | United States |
239.255.255.250 | unknown | Reserved |
52.6.56.188 | urldefense.com | United States |
18.164.96.98 | t2.nypost.com | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |
104.17.2.184 | challenges.cloudflare.com | United States |
2 further IPs are not shown in this extract.

DOM / HTML

URL | Malicious
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 | malicious
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153# | malicious
https://xdocusigniusmmxx.smumsmd.ws/ |
https://xdocusigniusmmxx.smumsmd.ws/ |
https://xdocusigniusmmxx.smumsmd.ws/ |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal |
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 |