IOC Report
http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

loading gif

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 131 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped | -
Chrome Cache Entry: 132 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded | -
Chrome Cache Entry: 133 | ASCII text, with very long lines (17527), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 134 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded | -
Chrome Cache Entry: 135 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 136 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | -
Chrome Cache Entry: 137 | ASCII text, with very long lines (65402) | downloaded | -
Chrome Cache Entry: 138 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900 | downloaded | -
Chrome Cache Entry: 139 | GIF image data, version 89a, 100 x 100 | dropped | -
Chrome Cache Entry: 140 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped | -
Chrome Cache Entry: 141 | JSON data | dropped | -
Chrome Cache Entry: 142 | HTML document, Unicode text, UTF-8 text, with very long lines (23182), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 143 | ASCII text, with very long lines (65451) | downloaded | -
Chrome Cache Entry: 144 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881 | downloaded | -
Chrome Cache Entry: 145 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 146 | HTML document, ASCII text, with very long lines (13037), with no line terminators | downloaded | -
Chrome Cache Entry: 147 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | downloaded | -
Chrome Cache Entry: 148 | ASCII text, with very long lines (65402) | dropped | -
Chrome Cache Entry: 149 | ASCII text, with very long lines (65447) | dropped | -
Chrome Cache Entry: 150 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900 | dropped | -
Chrome Cache Entry: 151 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped | -
Chrome Cache Entry: 152 | ASCII text, with very long lines (65447) | downloaded | -
Chrome Cache Entry: 153 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915 | downloaded | -
Chrome Cache Entry: 154 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 108310 | downloaded | -
Chrome Cache Entry: 155 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915 | dropped | -
Chrome Cache Entry: 156 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded | -
Chrome Cache Entry: 157 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900 | downloaded | -
Chrome Cache Entry: 158 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881 | dropped | -
Chrome Cache Entry: 159 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped | -
Chrome Cache Entry: 160 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915 | downloaded | -
Chrome Cache Entry: 161 | ASCII text, with no line terminators | dropped | -
Chrome Cache Entry: 162 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 163 | HTML document, ASCII text, with very long lines (2627), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 164 | ASCII text, with no line terminators | dropped | -
Chrome Cache Entry: 165 | JSON data | dropped | -
Chrome Cache Entry: 166 | GIF image data, version 89a, 100 x 100 | downloaded | -
Chrome Cache Entry: 167 | ASCII text, with very long lines (17527), with CRLF line terminators | dropped | -
Chrome Cache Entry: 168 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | downloaded | -
Chrome Cache Entry: 169 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped | -
Chrome Cache Entry: 170 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678 | dropped | -
Chrome Cache Entry: 171 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900 | dropped | -
Chrome Cache Entry: 172 | ASCII text, with very long lines (65451) | dropped | -
Chrome Cache Entry: 173 | ASCII text, with very long lines (65447) | downloaded | -
Chrome Cache Entry: 174 | HTML document, ASCII text, with very long lines (918) | downloaded | -
Chrome Cache Entry: 175 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37866 | downloaded | -
Chrome Cache Entry: 176 | ASCII text, with very long lines (17527), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 177 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915 | dropped | -
Chrome Cache Entry: 178 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 179 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678 | downloaded | -
Chrome Cache Entry: 180 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | -
(41 further file entries are hidden in the report view and are not reproduced here. None of the listed files carries a "Malicious" flag.)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1996,i,7157607864066825849,6225300324728480668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/" | -

URLs

Name | IP | Malicious
http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/ | - | malicious
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873 | - | malicious
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 | 172.66.47.41 | -
https://fetchlnk.truesharingzone.site/get.php | 162.254.39.141 | -
https://login.microsoftonline.com | unknown | -
https://basicplan.filesdistributorin.online/ready-page.php | 162.254.39.141 | -
https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/ | - | -
https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/favicon.ico | 172.66.44.217 | -
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico | 172.66.47.41 | -
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft | 35.190.10.96 | -
https://stk.hsprotect.net/ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e | 34.107.199.61 | -
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 | - | -
https://client.hsprotect.net/PXzC5j78di/main.min.js | unknown | -
https://login.windows-ppe.net | unknown | -
https://fpt.live.com/ | unknown | -
https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif | 162.254.39.141 | -
(5 further URL entries are hidden in the report view and are not reproduced here.)

Domains

Name | IP | Malicious
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev | 172.66.47.41 | malicious
a.nel.cloudflare.com | 35.190.80.1 | -
theextrenalfiles.filesdistributorin.online | 162.254.39.141 | -
sni1gl.wpc.alphacdn.net | 152.199.21.175 | -
6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev | 172.66.44.217 | -
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | -
fetchlnk.truesharingzone.site | 162.254.39.141 | -
s-part-0039.t-0009.t-msedge.net | 13.107.246.67 | -
fp2e7a.wpc.phicdn.net | 192.229.221.95 | -
inbound-weighted.protechts.net | 35.190.10.96 | -
www.google.com | 216.58.206.68 | -
stk.hsprotect.net | 34.107.199.61 | -
basicplan.filesdistributorin.online | 162.254.39.141 | -
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | -
signup.live.com | unknown | -
collector-pxzc5j78di.hsprotect.net | unknown | -
logincdn.msftauth.net | unknown | -
client.hsprotect.net | unknown | -
msft.hsprotect.net | unknown | -
fpt.live.com | unknown | -
(10 further domain entries are hidden in the report view and are not reproduced here.)

IPs

IP | Domain | Country | Malicious
172.66.47.41 | palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev | United States | malicious
162.254.39.141 | theextrenalfiles.filesdistributorin.online | United States | -
35.190.10.96 | inbound-weighted.protechts.net | United States | -
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | -
13.107.246.67 | s-part-0039.t-0009.t-msedge.net | United States | -
192.168.2.4 | unknown | unknown | -
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | -
192.168.2.6 | unknown | unknown | -
35.190.80.1 | a.nel.cloudflare.com | United States | -
34.107.199.61 | stk.hsprotect.net | United States | -
172.66.44.217 | 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev | United States | -
172.66.47.39 | unknown | United States | -
216.58.206.68 | www.google.com | United States | -
239.255.255.250 | unknown | Reserved | -
152.199.21.175 | sni1gl.wpc.alphacdn.net | United States | -
(5 further IP entries are hidden in the report view and are not reproduced here.)

DOM / HTML

URL | Malicious
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873 | malicious
https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/ | -
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 | -
https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1 | - (this identical entry appears 7 times in the report's DOM / HTML listing)
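The tables above list everything the sandbox saw, including the imitated Microsoft sign-in endpoints, CDN edges, a bot-detection service and the sandbox's own private and multicast addresses. Before any of it goes on a deny list it has to be sorted. The script below is an added example, not part of the sandbox report: it transcribes a subset of the report's URL, domain and IP entries, drops entries that are not kit infrastructure, drops the blob: URL (its UUID is minted per page load and never recurs, so only the origin host is an indicator), and then matches the remaining hosts against a few proxy-log lines constructed for the demo. The list of shared-infrastructure suffixes to exclude is an analyst assumption, not something the report states.

```python
"""Turn the IOC tables above into deny-list material and match them against a log.

Added example; not part of the sandbox report. Indicator values are transcribed
from the report's URL, domain and IP tables (a subset). SHARED_INFRA_SUFFIXES is
an analyst assumption: those hosts belong to the imitated Microsoft sign-in flow,
to CDNs, or to a bot-detection service, and would block legitimate traffic.
"""
import ipaddress
from urllib.parse import urlsplit

# Transcribed from the report's URL table (subset).
REPORT_URLS = [
    "http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/",
    "blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873",
    "https://fetchlnk.truesharingzone.site/get.php",
    "https://basicplan.filesdistributorin.online/ready-page.php",
    "https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif",
    "https://login.microsoftonline.com",
    "https://client.hsprotect.net/PXzC5j78di/main.min.js",
]
# Transcribed from the report's domain table: host -> resolved IP (subset).
REPORT_DOMAINS = {
    "palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev": "172.66.47.41",
    "6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev": "172.66.44.217",
    "fetchlnk.truesharingzone.site": "162.254.39.141",
    "basicplan.filesdistributorin.online": "162.254.39.141",
    "theextrenalfiles.filesdistributorin.online": "162.254.39.141",
    "a.nel.cloudflare.com": "35.190.80.1",
    "www.google.com": "216.58.206.68",
    "s-part-0017.t-0009.t-msedge.net": "13.107.246.45",
    "stk.hsprotect.net": "34.107.199.61",
}
# Transcribed from the report's IP table (subset).
REPORT_IPS = ["172.66.47.41", "162.254.39.141", "192.168.2.4", "239.255.255.250",
              "172.66.44.217", "13.107.246.45", "216.58.206.68", "35.190.80.1"]

# Assumption: domain suffixes that are not the phishing kit's own infrastructure.
SHARED_INFRA_SUFFIXES = (
    "microsoftonline.com", "live.com", "msftauth.net", "t-msedge.net", "windows-ppe.net",
    "google.com", "cloudflare.com", "alphacdn.net", "phicdn.net", "hsprotect.net", "protechts.net",
)


def url_host(url: str) -> str:
    """Hostname of a URL. A blob: URL wraps its origin URL after the scheme, so unwrap it."""
    if url.startswith("blob:"):
        url = url[len("blob:"):]
    return (urlsplit(url).hostname or "").lower()


def classify_ip(ip: str) -> str:
    """'private', 'multicast', 'reserved' or 'public'; only 'public' is worth blocking."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private:
        return "private"
    if addr.is_multicast:
        return "multicast"
    if addr.is_reserved or addr.is_loopback or addr.is_link_local:
        return "reserved"
    return "public"


def is_shared_infra(host: str) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in SHARED_INFRA_SUFFIXES)


def build_indicators(urls, domains, ips):
    """Return {'hosts', 'ips', 'urls'}: the report entries usable on a deny list.

    Hosts: every domain or URL host that is not shared infrastructure.
    IPs: routable addresses that a kept host resolved to in the report.
    URLs: non-blob URLs whose host was kept.
    """
    hosts = {h.lower() for h in domains if not is_shared_infra(h)}
    hosts |= {url_host(u) for u in urls if url_host(u) and not is_shared_infra(url_host(u))}
    kit_ips = {ip for ip in ips
               if classify_ip(ip) == "public" and any(domains.get(h) == ip for h in hosts)}
    kit_urls = {u for u in urls if not u.startswith("blob:") and url_host(u) in hosts}
    return {"hosts": hosts, "ips": kit_ips, "urls": kit_urls}


# Constructed proxy log lines for the demo: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2024-08-31T23:36:02Z 10.1.4.22 GET https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico 200",
    "2024-08-31T23:36:03Z 10.1.4.22 GET https://login.microsoftonline.com/ 302",
    "2024-08-31T23:36:05Z 10.1.4.22 POST https://fetchlnk.truesharingzone.site/get.php 200",
    "2024-08-31T23:36:09Z 10.1.4.31 GET https://www.google.com/ 200",
]


def match_log(lines, indicators):
    """Return (line_number, client, host) for every request to an indicator host."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        host = url_host(fields[3])
        if host in indicators["hosts"]:
            hits.append((n, fields[1], host))
    return hits


if __name__ == "__main__":
    ind = build_indicators(REPORT_URLS, REPORT_DOMAINS, REPORT_IPS)
    for kind in ("hosts", "ips", "urls"):
        print(kind, sorted(ind[kind]))
    for n, client, host in match_log(SAMPLE_PROXY_LOG, ind):
        print(f"line {n}: {client} contacted {host}")
```

Deploy the host and URL sets, not the IP set: the two pages.dev hosts are served from Cloudflare Pages edge addresses (172.66.x.x in the report) that are shared with unrelated tenants, so blocking them would cause collateral damage. The IP set is useful for correlating older flow logs against 162.254.39.141, which the report ties to all three filesdistributorin.online / truesharingzone.site hosts.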