IOC Report
https://docsend.com/presentation_users/E8ZmQyTe3_RJa_9pzKRa?redirect_url=https%3A%2F%2Fdocsend.com%2Fview%2Fs%2Fzxqzirinh2bw2bfp

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,4048712102622945065,17185252306210673249,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docsend.com/presentation_users/E8ZmQyTe3_RJa_9pzKRa?redirect_url=https%3A%2F%2Fdocsend.com%2Fview%2Fs%2Fzxqzirinh2bw2bfp" |

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

DOM / HTML

URL
Malicious
https://docsend.com/view/s/zxqzirinh2bw2bfp