IOC Report
https://cfqks04.na1.hs-sales-engage.com/Ctc/DL+23284/cFQKs04/JkM2-6qcW6N1vHY6lZ3n6W13FGTK78rLWNW3hSFrL1mhDS0W6K60sL65VYNvW3RPLgP2krG_2W3x8qzR3Lv-N5V40rcF4hrB5-W2mYtMQ8k6x8kN3NW8V9Cjg2yW3lPmlY4pYntgW6cPH3t2DYH5LVLT7qw8jMX20W5-VhlT6ytSKyMGzCKGmGzyYW8DkjZz7vnwm-W4w4fFW2rbM_QW7x3ch990JWQwW35hPl57JwgXCW1


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 59 | Web Open Font Format (Version 2), TrueType, length 29088, version 1.0 | downloaded | |
| Chrome Cache Entry: 60 | Unicode text, UTF-8 text, with very long lines (65521), with no line terminators | dropped | |
| Chrome Cache Entry: 61 | PNG image data, 100 x 100, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 62 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 63 | ASCII text, with very long lines (59594) | downloaded | |
| Chrome Cache Entry: 64 | Web Open Font Format (Version 2), TrueType, length 29452, version 1.0 | downloaded | |
| Chrome Cache Entry: 65 | Unicode text, UTF-8 text, with very long lines (61243) | downloaded | |
| Chrome Cache Entry: 66 | Unicode text, UTF-8 text, with very long lines (65521), with no line terminators | downloaded | |
| Chrome Cache Entry: 67 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 68 | ASCII text, with very long lines (34202) | downloaded | |
| Chrome Cache Entry: 69 | ASCII text, with very long lines (413) | dropped | |
| Chrome Cache Entry: 70 | JSON data | dropped | |
| Chrome Cache Entry: 71 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 600x120, components 3 | dropped | |
| Chrome Cache Entry: 72 | ASCII text, with very long lines (2878) | downloaded | |
| Chrome Cache Entry: 73 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 74 | Unicode text, UTF-8 text, with very long lines (1064) | downloaded | |
| Chrome Cache Entry: 75 | Unicode text, UTF-8 text, with very long lines (61243) | dropped | |
| Chrome Cache Entry: 76 | ASCII text, with very long lines (2878) | dropped | |
| Chrome Cache Entry: 77 | Web Open Font Format (Version 2), TrueType, length 29604, version 1.0 | downloaded | |
| Chrome Cache Entry: 78 | Web Open Font Format (Version 2), TrueType, length 53724, version 1.0 | downloaded | |
| Chrome Cache Entry: 79 | JSON data | downloaded | |
| Chrome Cache Entry: 80 | RIFF (little-endian) data, Web/P image | downloaded | |
| Chrome Cache Entry: 81 | RIFF (little-endian) data, Web/P image, VP8 encoding, 600x120, Scaling: [none]x[none], YUV color, decoders should clamp | downloaded | |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (492) | downloaded | |
| Chrome Cache Entry: 83 | ASCII text, with very long lines (413) | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| Chrome Cache Entry: 85 | Unicode text, UTF-8 text, with very long lines (1064) | dropped | |
| Chrome Cache Entry: 86 | HTML document, ASCII text, with very long lines (5007) | downloaded | |
| Chrome Cache Entry: 87 | ASCII text, with very long lines (492) | dropped | |
| Chrome Cache Entry: 88 | ASCII text, with very long lines (59594) | dropped | |
| Chrome Cache Entry: 89 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 90 | HTML document, Unicode text, UTF-8 text, with very long lines (1183) | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2236,i,14116979977549767402,15509910687156821400,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cfqks04.na1.hs-sales-engage.com/Ctc/DL+23284/cFQKs04/JkM2-6qcW6N1vHY6lZ3n6W13FGTK78rLWNW3hSFrL1mhDS0W6K60sL65VYNvW3RPLgP2krG_2W3x8qzR3Lv-N5V40rcF4hrB5-W2mYtMQ8k6x8kN3NW8V9Cjg2yW3lPmlY4pYntgW6cPH3t2DYH5LVLT7qw8jMX20W5-VhlT6ytSKyMGzCKGmGzyYW8DkjZz7vnwm-W4w4fFW2rbM_QW7x3ch990JWQwW35hPl57JwgXCW1GQ2M49g74QvW6gyCgd3-P_VlW75lFMN3Kn6YnW4VlXWQ2_jJ6-N42CgyYkD6V2f4w9bmg04" | |

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

DOM / HTML

URL
Malicious
https://meetings.hubspot.com/lizzethe?uuid=95b331ae-5d9d-480d-b047-e31644e00799
https://meetings.hubspot.com/lizzethe?uuid=95b331ae-5d9d-480d-b047-e31644e00799