IOC Report
https://zastromts.za.com/v3oX/#E


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:25:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:25:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:25:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:25:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:25:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | -
Chrome Cache Entry: 100 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 101 | ASCII text, with very long lines (47992), with no line terminators | dropped | -
Chrome Cache Entry: 102 | HTML document, ASCII text, with CRLF line terminators | dropped | -
Chrome Cache Entry: 103 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 104 | PNG image data, 69 x 92, 8-bit/color RGB, non-interlaced | dropped | -
Chrome Cache Entry: 105 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | dropped | -
Chrome Cache Entry: 106 | Web Open Font Format (Version 2), TrueType, length 116672, version 773.256 | downloaded | -
Chrome Cache Entry: 107 | Web Open Font Format (Version 2), TrueType, length 156532, version 773.256 | downloaded | -
Chrome Cache Entry: 108 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x296, components 3 | downloaded | -
Chrome Cache Entry: 109 | HTML document, ASCII text, with very long lines (1238) | downloaded | -
Chrome Cache Entry: 110 | ASCII text, with very long lines (52276) | downloaded | -
Chrome Cache Entry: 111 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 112 | ASCII text, with very long lines (47992), with no line terminators | downloaded | -
Chrome Cache Entry: 113 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 114 | PNG image data, 69 x 92, 8-bit/color RGB, non-interlaced | downloaded | -
Chrome Cache Entry: 115 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 116 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | dropped | -
Chrome Cache Entry: 117 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | dropped | -
Chrome Cache Entry: 118 | HTML document, ASCII text, with very long lines (1238) | dropped | -
Chrome Cache Entry: 119 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 120 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | -
Chrome Cache Entry: 82 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | dropped | -
Chrome Cache Entry: 83 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | dropped | -
Chrome Cache Entry: 84 | Web Open Font Format (Version 2), TrueType, length 116672, version 773.256 | downloaded | -
Chrome Cache Entry: 85 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3 | downloaded | -
Chrome Cache Entry: 86 | Web Open Font Format (Version 2), TrueType, length 156532, version 773.256 | downloaded | -
Chrome Cache Entry: 87 | ASCII text, with very long lines (52276) | downloaded | -
Chrome Cache Entry: 88 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x316, components 3 | downloaded | -
Chrome Cache Entry: 89 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x316, components 3 | dropped | -
Chrome Cache Entry: 90 | Unicode text, UTF-8 text, with very long lines (65342) | downloaded | -
Chrome Cache Entry: 91 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 92 | HTML document, ASCII text, with CRLF line terminators | downloaded | -
Chrome Cache Entry: 93 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | -
Chrome Cache Entry: 94 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded | -
Chrome Cache Entry: 95 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x296, components 3 | dropped | -
Chrome Cache Entry: 96 | Unicode text, UTF-8 text, with very long lines (65342) | downloaded | -
Chrome Cache Entry: 97 | ASCII text, with very long lines (47531) | downloaded | -
Chrome Cache Entry: 98 | ASCII text, with very long lines (47531) | dropped | -
Chrome Cache Entry: 99 | HTML document, ASCII text, with CRLF, LF line terminators | downloaded | -
(36 further file entries are not included in this export.)

Note on the .lnk rows: these six shortcuts are Chrome's default Start Menu "Chrome Apps" entries (Docs, Gmail, Google Drive, Sheets, Slides, YouTube). Their ctime (Oct 2023) predates the analysis; five of them carry an mtime on the analysis day (Oct 30 2024), so the sandbox recorded them as written during the session and lists them as "dropped". None of the file entries carries a malicious verdict.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1784,i,11358973275970356452,17358805658181886115,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zastromts.za.com/v3oX/#E" | -

URLs

Name | IP | Malicious
https://zastromts.za.com/v3oX/#E | - | malicious
https://zastromts.za.com/v3oX/#E | - | malicious
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8dac6ae8de8646e3&lang=auto | 104.18.95.41 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8dac6ae8de8646e3/1730301924771/J-k-xKzMY8POWMy | 104.18.95.41 | -
https://cdn.jsdelivr.net/npm/bootstrap | unknown | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/d11ix/0x4AAAAAAAxn_rTxRBzdM1iX/auto/fbE/normal/auto/ | 104.18.95.41 | -
https://x.com/baytul-hijabo.ru | unknown | -
https://github.com/twbs/bootstrap/blob/main/LICENSE) | unknown | -
https://challenges.cloudflare.com/turnstile/v0/api.js | 104.18.94.41 | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/773062457:1730299201:q1CDYIcjkB4UHLDTbMFORExlajSIF5RmcYT0suwBdz4/8dac6ae8de8646e3/eCQJuNBQ1CsTPjMHTuAkyOPj_FsVr0P4JLXHMcicTVE-1730301922-1.1.1.1-P6MbYl8YnFjv_TCPPhVAr9XWilrHVd3B3u.6MqKnNj05LNU.8fo8Z9_fYw9yTNsj | 104.18.95.41 | -
https://baytul-hijabo.ru/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 104.21.11.102 | -
https://getbootstrap.com/) | unknown | -
https://a.nel.cloudflare.com/report/v4?s=YFF9K0pSThgn1k3xDR9bk2Bo1W02aZC%2FVD0u0PZzwqpxidOlTDI00%2FVHiqEZIfWFvW2BSMaI%2FIx6tbaSUiURgK9RqNfPKH%2BIAlWuht0lHe3HFa59OCHCwcW%2FoX19L0H7nNlp | 35.190.80.1 | -
https://baytul-hijabo.ru/favicon.ico | 104.21.11.102 | -
https://a.nel.cloudflare.com/report/v4?s=ZKlDjR7eYb5YbCTRe%2FBwGO%2BawAzhOCUCnHLSRE5AjQ3BjOvcY3dWxYNaxD9B9M4G1r1j5wMCiahEf%2FjDwu6H0BtyKRn8EiYRLieUeQZYnv3W49s0eiGB2r6Mnm8gAz9c3Jo9 | 35.190.80.1 | -
https://baytul-hijabo.ru//#contact | unknown | -
https://fontawesome.com/license/free | unknown | -
https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css | 151.101.193.229 | -
https://fontawesome.com | unknown | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8dac6ae8de8646e3/1730301924772/fe537286ceb89a55716c661ecf427a781292ce81a9c38ba6b73be269c1150e02/1ybUAN2X_rtC87V | 104.18.95.41 | -
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-brands-400.woff2 | 104.17.24.14 | -
https://instagram.com/baytul-hijabo.ru | unknown | -
https://baytul-hijabo.ru// | - | -
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2 | 104.17.24.14 | -
https://linkedin.com/in/baytul-hijabo.ru | unknown | -
https://baytul-hijabo.ru//#inventory | - | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 | 104.18.95.41 | -
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css | 104.17.24.14 | -
https://baytul-hijabo.ru//#services | unknown | -
https://zastromts.za.com/favicon.ico | 188.114.97.3 | -
https://zastromts.za.com/v3oX/ | 188.114.97.3 | -
https://challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js | 104.18.94.41 | -
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js | 104.17.24.14 | -
(22 further URL entries are not included in this export.)

Domains

Name | IP | Malicious
jsdelivr.map.fastly.net | 151.101.193.229 | -
a.nel.cloudflare.com | 35.190.80.1 | -
cdnjs.cloudflare.com | 104.17.24.14 | -
zastromts.za.com | 188.114.97.3 | -
challenges.cloudflare.com | 104.18.94.41 | -
www.google.com | 142.250.184.196 | -
baytul-hijabo.ru | 172.67.148.193 | -
cdn.jsdelivr.net | unknown | -
aefd.nelreports.net | unknown | -

IPs

IP | Domain | Country | Malicious
142.250.184.196 | www.google.com | United States | -
104.17.24.14 | cdnjs.cloudflare.com | United States | -
172.67.148.193 | baytul-hijabo.ru | United States | -
151.101.193.229 | jsdelivr.map.fastly.net | United States | -
151.101.129.229 | unknown | United States | -
104.18.94.41 | challenges.cloudflare.com | United States | -
192.168.2.16 | unknown | unknown | -
104.18.95.41 | unknown | United States | -
192.168.2.6 | unknown | unknown | -
239.255.255.250 | unknown | Reserved | -
188.114.97.3 | zastromts.za.com | European Union | -
35.190.80.1 | a.nel.cloudflare.com | United States | -
104.21.11.102 | unknown | United States | -
(3 further IP entries are not included in this export.)

DOM / HTML

URL | Malicious
https://zastromts.za.com/v3oX/#E | malicious
https://zastromts.za.com/v3oX/#E | -
https://zastromts.za.com/v3oX/#E | -
https://zastromts.za.com/v3oX/#E | -
https://zastromts.za.com/v3oX/#E | -
https://baytul-hijabo.ru// | -
https://baytul-hijabo.ru//#inventory | -
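Turning the URL, Domain and IP tables above into something a blocklist can consume needs three decisions the report does not make for you: which rows carry a verdict, which hosts are shared infrastructure that every Chrome session touches (Cloudflare Turnstile, NEL reporting, jsDelivr, cdnjs, Google), and which addresses are the sandbox's own network. The script below is an added example, not part of this report or of the sandbox product that produced it. The sample rows are copied from the tables above; the SHARED_INFRA allowlist is an assumption of the example, and the split into block / review / context / noise is one reasonable triage policy, not the sandbox's.

```python
"""Triage of the flattened URL / IP tables in a browser-sandbox IOC report.

Added example, not part of the report. It keeps the report's own "malicious"
verdict (zastromts.za.com), pivots from that host to every IP the report
resolved it to, parks shared CDN / challenge infrastructure as context, and
drops addresses that belong to the sandbox network rather than the sample.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: rows copied from the report's URL table as
# (name, resolved IP or "unknown", verdict column or "").
SAMPLE_URLS = [
    ("https://zastromts.za.com/v3oX/#E", "unknown", "malicious"),
    ("https://zastromts.za.com/favicon.ico", "188.114.97.3", ""),
    ("https://challenges.cloudflare.com/turnstile/v0/api.js", "104.18.94.41", ""),
    ("https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css", "151.101.193.229", ""),
    ("https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js", "104.17.24.14", ""),
    ("https://baytul-hijabo.ru/favicon.ico", "104.21.11.102", ""),
    ("https://a.nel.cloudflare.com/report/v4?s=YFF9K0pSThgn1k3x", "35.190.80.1", ""),
    ("https://getbootstrap.com/)", "unknown", ""),
]
# Constructed sample: addresses copied from the report's IP table.
SAMPLE_IPS = ["142.250.184.196", "192.168.2.16", "239.255.255.250", "188.114.97.3", "104.21.11.102"]

# Assumed allowlist (not from the report): hosts that show up in almost any
# Chrome session. Blocking them would break unrelated sites, so they are
# recorded as context, never as indicators.
SHARED_INFRA = frozenset({
    "challenges.cloudflare.com", "a.nel.cloudflare.com", "cdnjs.cloudflare.com",
    "cdn.jsdelivr.net", "jsdelivr.map.fastly.net", "www.google.com",
    "github.com", "getbootstrap.com", "fontawesome.com",
})


def host_of(url):
    """Lowercase hostname of a URL row, or None if the row has no host.

    Stray characters such as the trailing ')' the report keeps on
    'https://getbootstrap.com/)' land in the path and do not affect the host.
    """
    host = urlsplit(url.strip()).hostname
    return host.lower() if host else None


def is_local_noise(ip):
    """True for addresses that come from the sandbox network, not the sample:
    RFC 1918 ranges, multicast (239.255.255.250 is SSDP), loopback, link-local,
    and anything that is not an address at all ("unknown")."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return True
    return (addr.is_private or addr.is_multicast or addr.is_loopback
            or addr.is_link_local or addr.is_reserved)


def triage(url_rows, ip_rows, allowlist=SHARED_INFRA):
    """Group hosts and IPs by what an analyst should do with them."""
    host_ips = {}   # host -> IPs the report resolved it to on any row
    verdicts = {}   # host -> True if any row for it carries "malicious"
    for name, ip, verdict in url_rows:
        host = host_of(name)
        if host is None:
            continue
        verdicts[host] = verdicts.get(host, False) or verdict.strip().lower() == "malicious"
        if not is_local_noise(ip):
            host_ips.setdefault(host, set()).add(ip.strip())

    result = {"block_domains": set(), "block_ips": set(), "review_domains": set(),
              "context_domains": set(), "noise_ips": set()}
    for host, bad in verdicts.items():
        if host in allowlist:
            result["context_domains"].add(host)
        elif bad:
            result["block_domains"].add(host)
            # Pivot: the verdict sits on the landing URL, whose IP column is
            # "unknown"; the favicon and /v3oX/ rows supply the address.
            result["block_ips"].update(host_ips.get(host, ()))
        else:
            # Seen, not flagged, not shared infrastructure: an analyst decides.
            result["review_domains"].add(host)

    for ip in ip_rows:
        if is_local_noise(ip):
            result["noise_ips"].add(ip.strip())
    return result


if __name__ == "__main__":
    for bucket, values in sorted(triage(SAMPLE_URLS, SAMPLE_IPS).items()):
        print(f"{bucket}: {sorted(values)}")
```

On the sample rows this yields zastromts.za.com and 188.114.97.3 as the only block candidates, baytul-hijabo.ru as the one host that needs a human decision (its content is loaded by the flagged page but the report does not flag it), the Cloudflare, jsDelivr and cdnjs hosts as context, and the two sandbox-local addresses as noise. Feed the full tables rather than the sample before acting on the output, and treat the allowlist as something to maintain, not a constant.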