IOC Report
https://www.directcommerce.com/e3t/Ctc/LW+113/cxTvs04/VXh84F1y5yWKW4GR0mQ35bLC_W6y9Q695m9L8YN99fz8T3lYMRW6N1vHY6lZ3nXW4YNGhR46Bj3YW1jTTWv5m59LZW3HrZs72y9QqPN3hRt4Ky7Pj4W2Jddsl3wM0DNVh_d873dFTsyW7M9Zxn49ZRsrW9hjt-B3yv0rXV_YXQ84gtxbCW6xXBBn3-SJBBW6LTjxX7ccFD0N8Kvc2NZBBbmVxZBZw2pZ04gW6PHgGW18Q6xpVXYc11

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 116
ASCII text, with very long lines (3712), with no line terminators
dropped
Chrome Cache Entry: 117
ASCII text
downloaded
Chrome Cache Entry: 118
ASCII text, with very long lines (8147), with no line terminators
dropped
Chrome Cache Entry: 119
ASCII text, with very long lines (3712), with no line terminators
downloaded
Chrome Cache Entry: 120
Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
dropped
Chrome Cache Entry: 121
HTML document, Unicode text, UTF-8 text, with very long lines (1183)
downloaded
Chrome Cache Entry: 122
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 123
JSON data
dropped
Chrome Cache Entry: 124
Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
downloaded
Chrome Cache Entry: 125
ASCII text
dropped
Chrome Cache Entry: 126
JSON data
downloaded
Chrome Cache Entry: 127
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 128
ASCII text, with very long lines (65435)
downloaded
Chrome Cache Entry: 129
ASCII text, with very long lines (65435)
dropped
Chrome Cache Entry: 130
ASCII text, with very long lines (8175), with no line terminators
downloaded
Chrome Cache Entry: 131
HTML document, Unicode text, UTF-8 text, with very long lines (5334)
downloaded
Chrome Cache Entry: 132
Unicode text, UTF-8 text, with very long lines (52402)
downloaded
There are 8 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=2056,i,13798420560195444510,16949063482682555976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.directcommerce.com/e3t/Ctc/LW+113/cxTvs04/VXh84F1y5yWKW4GR0mQ35bLC_W6y9Q695m9L8YN99fz8T3lYMRW6N1vHY6lZ3nXW4YNGhR46Bj3YW1jTTWv5m59LZW3HrZs72y9QqPN3hRt4Ky7Pj4W2Jddsl3wM0DNVh_d873dFTsyW7M9Zxn49ZRsrW9hjt-B3yv0rXV_YXQ84gtxbCW6xXBBn3-SJBBW6LTjxX7ccFD0N8Kvc2NZBBbmVxZBZw2pZ04gW6PHgGW18Q6xpVXYc118ZcYd_W86ZCB673Dr4MW7_ktZM8wbWJHW10Zxg048HgVJW6Lh-pM3pnR2lVwDX5W27KLBrVxp42m6n9s74W3xkrCW2910MWf74wJ0H04"

URLs

Name
IP
Malicious
https://www.directcommerce.com/e3t/Ctc/LW+113/cxTvs04/VXh84F1y5yWKW4GR0mQ35bLC_W6y9Q695m9L8YN99fz8T3lYMRW6N1vHY6lZ3nXW4YNGhR46Bj3YW1jTTWv5m59LZW3HrZs72y9QqPN3hRt4Ky7Pj4W2Jddsl3wM0DNVh_d873dFTsyW7M9Zxn49ZRsrW9hjt-B3yv0rXV_YXQ84gtxbCW6xXBBn3-SJBBW6LTjxX7ccFD0N8Kvc2NZBBbmVxZBZw2pZ04gW6PHgGW18Q6xpVXYc118ZcYd_W86ZCB673Dr4MW7_ktZM8wbWJHW10Zxg048HgVJW6Lh-pM3pnR2lVwDX5W27KLBrVxp42m6n9s74W3xkrCW2910MWf74wJ0H04
https://directcommerce.zendesk.com/auth/v2/host/without_iframe.js
216.198.53.1
https://dcithdcanada.zendesk.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
216.198.54.1
https://dcithdcanada.zendesk.com/hc/theming_assets/10274078/360008151871/script.js?digest=27276995470605
216.198.54.1
https://www.zendesk.com/guide/features/knowledge-capture-app/
unknown
https://www.zendesk.com/guide/#gallery
unknown
https://github.com/zloirock/core-js
unknown
https://www.directcommerce.com/events/public/v1/encoded/track/tc/LW
unknown
https://static.zdassets.com/hc/assets/en-us.c803c23735f389538a43.js
216.198.54.3
https://static.zdassets.com/auth/65862f5e6fcaef29148ee7c7f0f3454a27eeefd9/v2/host-without-iframe.js
216.198.54.3
https://a.nel.cloudflare.com/report/v4?s=a79BmrXjgBFPTCeCIdnNoo1lr4ZLcF3cmvViSx4dnL%2Fi3wJdBEYkIZG1en6yOyQlRvUjibQdTDn%2Brs3%2FD1CFUt8lAXdIv8EB3%2BZYdCcV9I0v9EwBqPKgKMnhAlKH%2F0uL5NeznVTcu83LSQ%3D%3D
35.190.80.1
https://dcithdcanada.zendesk.com/hc/theming_assets/01HZH58AQWSTY58DCQNJYH1HB8
216.198.54.1
http://dbushell.com/
unknown
https://www.joshwcomeau.com/snippets/javascript/debounce/
unknown
https://static.zdassets.com/hc/assets/application-a42a464885a505c24ac3b0ab35047489.css
216.198.54.3
https://github.com/zloirock/core-js/blob/v3.25.0/LICENSE
unknown
https://a.nel.cloudflare.com/report/v4?s=Yct6h3v7I8vOFHfAcXJ71jMQEbKgwZGbUzgOCj%2BKi3yBL8CFrXZzKElwRwroLID%2BjIveaD0G%2FoXK7uOQWuea%2BohPtHSMxEbhfuPG8adRWEZOeBZi8t4orAr6Qw07hf%2F2T4FyRE2%2BaNBxUw%3D%3D
35.190.80.1
https://dcithdcanada.zendesk.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
216.198.54.1
https://dcithdcanada.zendesk.com/hc/theming_assets/01HZH58AKRGZZTD99KX7N0ZES7
216.198.54.1
https://dcithdcanada.zendesk.com/cdn-cgi/challenge-platform/h/b/jsd/r/8dace2d30a6c4602
216.198.54.1
https://dcithdcanada.zendesk.com/hc/api/internal/recent_activities?locale=en-us&page=1&per_page=5&locale=en-us
216.198.54.1
https://www.zendesk.com/answer-bot/
unknown
https://www.scottohara.me/blog/2022/02/19/custom-clear-buttons.html
unknown
https://static.zdassets.com/hc/assets/hc_enduser-23e36c78ae0da66580a2df231c4e23a4.js
216.198.54.3
https://a.nel.cloudflare.com/report/v4?s=jXWEFBEDSCsPddQ1H%2BdOCxDj8b1x7Sm6t%2F90yyn2DGZ2600oj0XVL2voq0WNzNloOldX1z0JZxT2oVMstFwC1jfkNfBCwpukb5qkhm5MHOwNeBXWq7gDgJt9HQYBBwcooAfVgE%2FjYrh7CQ%3D%3D
35.190.80.1
https://www.zendesk.com/embeddables/
unknown
https://adrianroselli.com/2019/07/ignore-typesearch.html#Delete
unknown
https://dcithdcanada.zendesk.com/hc/en-us
unknown
https://dcithdcanada.zendesk.com/hc/activity
216.198.54.1
https://dcithdcanada.zendesk.com/hc/api/internal/recent_activities.json?locale=en-us
unknown
https://www.zendesk.com/service/help-center/?utm_source=helpcenter&utm_medium=poweredbyzendesk&utm_c
unknown
https://dcithdcanada.zendesk.com/hc/theming_assets/10274078/360008151871/style.css?digest=27276995470605
216.198.54.1
https://twitter.com/adambsilver/status/1152452833234554880
unknown
https://assets.zendesk.com/hc/assets/default_avatar.png
unknown
There are 23 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
static.zdassets.com
216.198.54.3
a.nel.cloudflare.com
35.190.80.1
dcithdcanada.zendesk.com
216.198.54.1
www.google.com
172.217.18.4
directcommerce.zendesk.com
216.198.53.1
fp2e7a.wpc.phicdn.net
192.229.221.95
group6.sites.hscoscdn00.net
199.60.103.30
www.directcommerce.com
unknown

IPs

IP
Domain
Country
Malicious
172.217.18.4
www.google.com
United States
199.60.103.30
group6.sites.hscoscdn00.net
Canada
192.168.2.6
unknown
unknown
239.255.255.250
unknown
Reserved
216.198.54.3
static.zdassets.com
United States
216.198.54.1
dcithdcanada.zendesk.com
United States
216.198.53.1
directcommerce.zendesk.com
United States
35.190.80.1
a.nel.cloudflare.com
United States

DOM / HTML

URL
Malicious
https://dcithdcanada.zendesk.com/hc/en-us?utm_medium=email&_hsenc=p2ANqtz-8VGXhqtRUeR5B9oAaW2cd3YBZGt15T91TVwzURHsndsIVUiCNurZFcNLjRFhomLTkU69ams5scIkh8Fsr9lunsinq2KOocT90m4C65JYGeYUxpvYM&_hsmi=328556203&utm_content=328556203&utm_source=hs_email
https://dcithdcanada.zendesk.com/hc/en-us?utm_medium=email&_hsenc=p2ANqtz-8VGXhqtRUeR5B9oAaW2cd3YBZGt15T91TVwzURHsndsIVUiCNurZFcNLjRFhomLTkU69ams5scIkh8Fsr9lunsinq2KOocT90m4C65JYGeYUxpvYM&_hsmi=328556203&utm_content=328556203&utm_source=hs_email
https://dcithdcanada.zendesk.com/hc/en-us?utm_medium=email&_hsenc=p2ANqtz-8VGXhqtRUeR5B9oAaW2cd3YBZGt15T91TVwzURHsndsIVUiCNurZFcNLjRFhomLTkU69ams5scIkh8Fsr9lunsinq2KOocT90m4C65JYGeYUxpvYM&_hsmi=328556203&utm_content=328556203&utm_source=hs_email
https://dcithdcanada.zendesk.com/hc/en-us?utm_medium=email&_hsenc=p2ANqtz-8VGXhqtRUeR5B9oAaW2cd3YBZGt15T91TVwzURHsndsIVUiCNurZFcNLjRFhomLTkU69ams5scIkh8Fsr9lunsinq2KOocT90m4C65JYGeYUxpvYM&_hsmi=328556203&utm_content=328556203&utm_source=hs_email#main-content
https://dcithdcanada.zendesk.com/hc/en-us?utm_medium=email&_hsenc=p2ANqtz-8VGXhqtRUeR5B9oAaW2cd3YBZGt15T91TVwzURHsndsIVUiCNurZFcNLjRFhomLTkU69ams5scIkh8Fsr9lunsinq2KOocT90m4C65JYGeYUxpvYM&_hsmi=328556203&utm_content=328556203&utm_source=hs_email#main-content