IOC Report
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 130
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 131
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 132
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 133
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 134
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 135
ASCII text, with very long lines (65402)
downloaded
Chrome Cache Entry: 136
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
downloaded
Chrome Cache Entry: 137
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 138
GIF image data, version 89a, 100 x 100
dropped
Chrome Cache Entry: 139
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 140
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 141
JSON data
dropped
Chrome Cache Entry: 142
HTML document, Unicode text, UTF-8 text, with very long lines (23170), with CRLF line terminators
downloaded
Chrome Cache Entry: 143
ASCII text, with very long lines (65451)
downloaded
Chrome Cache Entry: 144
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881
downloaded
Chrome Cache Entry: 145
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
downloaded
Chrome Cache Entry: 146
ASCII text, with very long lines (17527), with CRLF line terminators
downloaded
Chrome Cache Entry: 147
ASCII text, with very long lines (65402)
dropped
Chrome Cache Entry: 148
ASCII text, with very long lines (65447)
dropped
Chrome Cache Entry: 149
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
dropped
Chrome Cache Entry: 150
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
dropped
Chrome Cache Entry: 151
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 152
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 153
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
downloaded
Chrome Cache Entry: 154
HTML document, ASCII text, with very long lines (2625), with CRLF line terminators
downloaded
Chrome Cache Entry: 155
ASCII text, with very long lines (17527), with CRLF line terminators
dropped
Chrome Cache Entry: 156
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 108310
downloaded
Chrome Cache Entry: 157
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
dropped
Chrome Cache Entry: 158
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 159
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
downloaded
Chrome Cache Entry: 160
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881
dropped
Chrome Cache Entry: 161
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
dropped
Chrome Cache Entry: 162
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
downloaded
Chrome Cache Entry: 163
HTML document, ASCII text, with very long lines (13037), with no line terminators
downloaded
Chrome Cache Entry: 164
JSON data
dropped
Chrome Cache Entry: 165
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 166
GIF image data, version 89a, 100 x 100
downloaded
Chrome Cache Entry: 167
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
downloaded
Chrome Cache Entry: 168
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
dropped
Chrome Cache Entry: 169
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678
dropped
Chrome Cache Entry: 170
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
dropped
Chrome Cache Entry: 171
ASCII text, with very long lines (65451)
dropped
Chrome Cache Entry: 172
HTML document, ASCII text, with very long lines (918)
downloaded
Chrome Cache Entry: 173
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37866
downloaded
Chrome Cache Entry: 174
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 175
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
dropped
Chrome Cache Entry: 176
HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
downloaded
Chrome Cache Entry: 177
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678
downloaded
Chrome Cache Entry: 178
ASCII text, with very long lines (17527), with CRLF line terminators
downloaded
Chrome Cache Entry: 179
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,7857939130896594004,14220038804681611000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/"

URLs

Name
IP
Malicious
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
malicious
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/favicon.ico
172.66.47.137
malicious
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af
malicious
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
malicious
https://a.nel.cloudflare.com/report/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp
35.190.80.1
https://fetchlnk.truesharingzone.site/get.php
162.254.39.141
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8
https://login.microsoftonline.com
unknown
https://basicplan.filesdistributorin.online/ready-page.php
162.254.39.141
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico
172.66.47.41
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft
35.190.10.96
https://client.hsprotect.net/PXzC5j78di/main.min.js
unknown
https://login.windows-ppe.net
unknown
https://fpt.live.com/
unknown
https://stk.hsprotect.net/ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e
34.107.199.61
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8
172.66.47.41
https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif
162.254.39.141

Domains

Name
IP
Malicious
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev
172.66.47.41
malicious
s-part-0016.t-0009.t-msedge.net
13.107.246.44
a.nel.cloudflare.com
35.190.80.1
theextrenalfiles.filesdistributorin.online
162.254.39.141
sni1gl.wpc.alphacdn.net
152.199.21.175
fetchlnk.truesharingzone.site
162.254.39.141
s-part-0039.t-0009.t-msedge.net
13.107.246.67
s-part-0045.t-0009.t-msedge.net
13.107.246.73
fp2e7a.wpc.phicdn.net
192.229.221.95
s-part-0014.t-0009.t-msedge.net
13.107.246.42
bg.microsoft.map.fastly.net
199.232.210.172
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.40
inbound-weighted.protechts.net
35.190.10.96
bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev
172.66.47.137
www.google.com
142.250.186.132
stk.hsprotect.net
34.107.199.61
basicplan.filesdistributorin.online
162.254.39.141
s-part-0032.t-0009.t-msedge.net
13.107.246.60
signup.live.com
unknown
collector-pxzc5j78di.hsprotect.net
unknown
logincdn.msftauth.net
unknown
client.hsprotect.net
unknown
msft.hsprotect.net
unknown
fpt.live.com
unknown

IPs

IP
Domain
Country
Malicious
172.66.47.41
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev
United States
malicious
13.107.246.42
s-part-0014.t-0009.t-msedge.net
United States
162.254.39.141
theextrenalfiles.filesdistributorin.online
United States
35.190.10.96
inbound-weighted.protechts.net
United States
13.107.246.44
s-part-0016.t-0009.t-msedge.net
United States
13.107.246.60
s-part-0032.t-0009.t-msedge.net
United States
192.168.2.6
unknown
unknown
192.168.2.5
unknown
unknown
142.250.186.132
www.google.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
34.107.199.61
stk.hsprotect.net
United States
13.107.246.73
s-part-0045.t-0009.t-msedge.net
United States
239.255.255.250
unknown
Reserved
172.66.47.137
bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev
United States
152.199.21.175
sni1gl.wpc.alphacdn.net
United States

DOM / HTML

URL
Malicious
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af
malicious
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8
https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3d679ADA4DB0EC0A86%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1