IOC Report
https://s.id/nelsi


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 60 | JSON data | dropped | -
Chrome Cache Entry: 61 | ASCII text, with very long lines (65447) | dropped | -
Chrome Cache Entry: 62 | JSON data | dropped | -
Chrome Cache Entry: 63 | PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced | downloaded | -
Chrome Cache Entry: 64 | ASCII text, with very long lines (65447) | downloaded | -
Chrome Cache Entry: 65 | HTML document, ASCII text, with CRLF line terminators | downloaded | -
Chrome Cache Entry: 66 | JSON data | downloaded | -
Chrome Cache Entry: 67 | ASCII text, with very long lines (65461) | dropped | -
Chrome Cache Entry: 68 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x628, components 3 | dropped | -
Chrome Cache Entry: 69 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x628, components 3 | downloaded | -
Chrome Cache Entry: 70 | ASCII text, with no line terminators | downloaded | -
Chrome Cache Entry: 71 | HTML document, ASCII text, with very long lines (32213), with CRLF line terminators | downloaded | -
Chrome Cache Entry: 72 | HTML document, ASCII text | downloaded | -
Chrome Cache Entry: 73 | ASCII text, with very long lines (65461) | downloaded | -
Chrome Cache Entry: 74 | PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced | dropped | -
Chrome Cache Entry: 75 | HTML document, ASCII text, with very long lines (732) | dropped | -
Chrome Cache Entry: 76 | HTML document, ASCII text, with very long lines (732) | downloaded | -
(8 further file entries are hidden in the source report; a dash marks a cell that is empty in the report.)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2188,i,933136859305315694,11948318455820294970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | -
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.id/nelsi" | -

URLs

Name | IP | Malicious
https://s.id/nelsi | - | malicious
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/5d70ce5a-98a5-ef11-8a66-000d3a106517/landingpageforms/forms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e | 52.146.76.30 | -
https://s.id/nelsi | 193.84.85.178 | -
https://code.jquery.com/jquery-3.6.0.min.js | 151.101.66.137 | -
https://a.nel.cloudflare.com/report/v4?s=kPwBcF4tpdyORvqSUvp8WO9dPpYdEaCNYisIgw1p6lMVurTd5t7Panp0MfXIrEd2psOHGmMSjWY8WaFQbSFBPcySPf%2Fb5W8lKzscvWJwUOPpKLYIKaaugRznJ0aegw%3D%3D | 35.190.80.1 | -
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/standaloneforms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e | - | -
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/5d70ce5a-98a5-ef11-8a66-000d3a106517/landingpagefo | unknown | -
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/5d70ce5a-98a5-ef11-8a66-000d3a106517/landingpageforms/forms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e/visits | 52.146.76.30 | -
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/forms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e | 13.107.246.45 | -
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/forms/ce4a8ad | unknown | -
https://n1.rughedle.ru/vCaS/ | - | -
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZX0EtxoLPSBWR6WwhXZglXIvWXbh24ojuyofD6htY8D4/s3396/userinter.png | 142.250.186.129 | -
https://assets-usa.mkt.dynamics.com/favicon.ico | 13.107.246.45 | -
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/images/87b23b7b-b7a5-ef11-8a69-7c1e5248445e?ts=638675361001259852 | 13.107.246.45 | -
https://n1.rughedle.ru/favicon.ico | 172.67.176.42 | -
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/images/87b23b | unknown | -
(5 further URL entries are hidden in the source report; a dash marks a cell that is empty in the report.)

Domains

Name | IP | Malicious
a.nel.cloudflare.com | 35.190.80.1 | -
s.id | 193.84.85.178 | -
code.jquery.com | 151.101.66.137 | -
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | -
n1.rughedle.ru | 172.67.176.42 | -
www.google.com | 142.250.185.196 | -
prdia888eus0aks.mkt.dynamics.com | 52.146.76.30 | -
googlehosted.l.googleusercontent.com | 142.250.186.129 | -
public-usa.mkt.dynamics.com | unknown | -
assets-usa.mkt.dynamics.com | unknown | -
blogger.googleusercontent.com | unknown | -
(1 further domain entry is hidden in the source report; a dash marks a cell that is empty in the report.)

IPs

IP | Domain | Country | Malicious
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | -
216.58.206.33 | unknown | United States | -
52.146.76.30 | prdia888eus0aks.mkt.dynamics.com | United States | -
192.168.2.6 | unknown | unknown | -
172.67.176.42 | n1.rughedle.ru | United States | -
151.101.130.137 | unknown | United States | -
142.250.186.129 | googlehosted.l.googleusercontent.com | United States | -
239.255.255.250 | unknown | Reserved | -
142.250.185.196 | www.google.com | United States | -
192.168.2.23 | unknown | unknown | -
193.84.85.178 | s.id | unknown | -
151.101.66.137 | code.jquery.com | United States | -
35.190.80.1 | a.nel.cloudflare.com | United States | -
(3 further IP entries are hidden in the source report; a dash marks a cell that is empty in the report.)

DOM / HTML

URL | Malicious
https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/digitalassets/standaloneforms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e (listed 2 times) | -
https://n1.rughedle.ru/vCaS/ (listed 3 times) | -
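Added example (editor's code, not part of the sandbox report or of any vendor tooling): a small triage script that runs the indicators from the tables above over proxy log lines and tiers the hits. The indicator values are copied from the report; everything else is the editor's assumption: the tiering, the list of shared CDN/telemetry hosts, the `dst=... host=... url=...` log format, and the constructed sample log lines. Note that the report's verdict column flags only https://s.id/nelsi; n1.rughedle.ru and the Dynamics 365 marketing URLs carrying the org/form identifiers are listed in the chain without a verdict, so they are tiered as context here, not as verdicts. The script also shows why most of the resolved IPs make poor indicators: they are Google, Fastly, Cloudflare and Microsoft edges shared with ordinary traffic, and the 192.168.2.x and 239.255.255.250 entries are the sandbox's own network and SSDP multicast.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ---- Indicators copied from the report above -------------------------------

# The only URL the report's verdict column marks "malicious".
REPORT_FLAGGED_URLS = {"https://s.id/nelsi"}

# Chain-specific URLs: an attacker-registered host, or a Dynamics 365 marketing
# URL carrying this exact org/form identifier. The report lists them without a
# verdict, so this tier is editorial context (assumption), not a verdict.
CHAIN_URL_PREFIXES = (
    "https://n1.rughedle.ru/vCaS/",
    "https://public-usa.mkt.dynamics.com/api/v1.0/orgs/5d70ce5a-98a5-ef11-8a66-000d3a106517/",
    "https://assets-usa.mkt.dynamics.com/5d70ce5a-98a5-ef11-8a66-000d3a106517/",
)
CHAIN_HOSTS = {"n1.rughedle.ru"}

# Every IP the report resolved. Most are Google, Fastly, Cloudflare or Microsoft
# edges shared by many sites, so an IP-only hit is weak evidence on its own.
REPORT_IPS = {
    "13.107.246.45", "216.58.206.33", "52.146.76.30", "192.168.2.6",
    "172.67.176.42", "151.101.130.137", "142.250.186.129", "239.255.255.250",
    "142.250.185.196", "192.168.2.23", "193.84.85.178", "151.101.66.137",
    "35.190.80.1",
}

# Editorial assumption: generic CDN, telemetry, shortener and SaaS hosts.
# Alerting on these at host level would fire on ordinary browsing.
SHARED_HOSTS = (
    "s.id",                  # public URL shortener; only the /nelsi path is flagged
    "code.jquery.com",
    "a.nel.cloudflare.com",  # Chrome Network Error Logging uploads
    "www.google.com",
    "googleusercontent.com",
    "t-msedge.net",
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    tier: str        # report-flagged | chain-specific | noise | ip-only
    indicator: str


def _is_shared_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in SHARED_HOSTS)


def _is_unroutable(ip: str) -> bool:
    """Private, loopback, link-local and multicast addresses are never valid
    network IOCs: the report's 192.168.2.x entries are the sandbox's own hosts
    and 239.255.255.250 is SSDP multicast."""
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return a.is_private or a.is_loopback or a.is_link_local or a.is_multicast


def classify(ip: str, host: str, url: str) -> Optional[Tuple[str, str]]:
    """Return (tier, matched indicator) for one log record, or None."""
    norm = url.split("#", 1)[0].split("?", 1)[0]          # drop query/fragment
    if norm in REPORT_FLAGGED_URLS or norm.rstrip("/") in REPORT_FLAGGED_URLS:
        return ("report-flagged", norm)
    if host in CHAIN_HOSTS:
        return ("chain-specific", host)
    for prefix in CHAIN_URL_PREFIXES:
        if url.startswith(prefix):
            return ("chain-specific", prefix)
    if _is_shared_host(host):                              # seen, but not alertable
        return ("noise", host)
    if ip in REPORT_IPS and not _is_unroutable(ip):
        return ("ip-only", ip)
    return None


# Assumed proxy log format (editor's assumption, not the report's).
LOG_RE = re.compile(r"dst=(?P<ip>\S+)\s+host=(?P<host>\S+)\s+url=(?P<url>\S+)")


def triage(log_text: str) -> List[Hit]:
    hits: List[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify(m["ip"], m["host"], m["url"])
        if verdict:
            hits.append(Hit(n, *verdict))
    return hits


def alertable(hits: List[Hit]) -> List[Hit]:
    """Only the report's own verdict and chain-specific indicators should page
    anyone; 'noise' and 'ip-only' hits are kept for hunting context."""
    return [h for h in hits if h.tier in ("report-flagged", "chain-specific")]


# Constructed sample log (not captured traffic); 10.0.0.x clients are invented.
SAMPLE_LOG = """\
t=1 src=10.0.0.5 dst=193.84.85.178 host=s.id url=https://s.id/nelsi
t=2 src=10.0.0.5 dst=52.146.76.30 host=public-usa.mkt.dynamics.com url=https://public-usa.mkt.dynamics.com/api/v1.0/orgs/5d70ce5a-98a5-ef11-8a66-000d3a106517/landingpageforms/forms/ce4a8ad1-b9a5-ef11-8a69-7c1e5248445e
t=3 src=10.0.0.5 dst=151.101.66.137 host=code.jquery.com url=https://code.jquery.com/jquery-3.6.0.min.js
t=4 src=10.0.0.5 dst=172.67.176.42 host=n1.rughedle.ru url=https://n1.rughedle.ru/vCaS/
t=5 src=10.0.0.9 dst=172.67.176.42 host=shop.example.com url=https://shop.example.com/
t=6 src=10.0.0.9 dst=239.255.255.250 host=- url=-
t=7 src=10.0.0.9 dst=193.84.85.178 host=s.id url=https://s.id/someothershortlink
"""

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(h)
    print("alert on lines:", [h.line_no for h in alertable(triage(SAMPLE_LOG))])
```

Line 5 of the sample is the false positive that IP-only matching produces: 172.67.176.42 is a Cloudflare edge that n1.rughedle.ru shares with unrelated sites, so a hit on that address without the host or URL is logged as `ip-only` and not alerted. Line 6 is dropped entirely because multicast and private addresses are excluded before any lookup.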