IOC Report
http://www.btc1yby.blogspot.rs/

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 04:38:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 04:38:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 04:38:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 04:38:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 04:38:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 101
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 102
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 103
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 104
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 105
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 106
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 107
Java source, ASCII text, with very long lines (6614)
dropped
Chrome Cache Entry: 108
Java source, ASCII text, with very long lines (365)
downloaded
Chrome Cache Entry: 109
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 110
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 111
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 112
ASCII text, with very long lines (719)
downloaded
Chrome Cache Entry: 113
Java source, ASCII text
downloaded
Chrome Cache Entry: 114
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 115
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 116
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 117
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 118
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 119
C++ source, ASCII text, with very long lines (425)
downloaded
Chrome Cache Entry: 120
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 121
Unicode text, UTF-8 text, with very long lines (25667)
downloaded
Chrome Cache Entry: 122
Unicode text, UTF-8 text, with very long lines (29624)
downloaded
Chrome Cache Entry: 123
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 124
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 125
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 126
JSON data
dropped
Chrome Cache Entry: 127
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 128
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 129
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 130
Java source, ASCII text, with very long lines (467)
downloaded
Chrome Cache Entry: 131
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 132
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 133
PNG image data, 217 x 182, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 134
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 136
Java source, ASCII text, with very long lines (420)
downloaded
Chrome Cache Entry: 137
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 138
PNG image data, 126 x 127, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 139
Java source, ASCII text, with very long lines (6614)
downloaded
Chrome Cache Entry: 140
HTML document, ASCII text, with very long lines (8177)
downloaded
Chrome Cache Entry: 141
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 142
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 143
Unicode text, UTF-8 text, with very long lines (25667)
dropped
Chrome Cache Entry: 144
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 145
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 146
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 147
Java source, ASCII text, with very long lines (637)
dropped
Chrome Cache Entry: 148
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 149
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 150
Unicode text, UTF-8 text, with very long lines (29624)
dropped
Chrome Cache Entry: 151
ISO Media, AVIF Image
downloaded
Chrome Cache Entry: 152
Java source, ASCII text
dropped
Chrome Cache Entry: 153
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 154
JSON data
downloaded
Chrome Cache Entry: 155
JSON data
dropped
Chrome Cache Entry: 156
Java source, ASCII text, with very long lines (420)
dropped
Chrome Cache Entry: 157
PNG image data, 453 x 452, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 81
Java source, ASCII text, with very long lines (467)
dropped
Chrome Cache Entry: 82
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 83
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 84
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 85
Java source, ASCII text, with very long lines (637)
downloaded
Chrome Cache Entry: 86
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 87
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 88
JSON data
downloaded
Chrome Cache Entry: 89
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 90
JSON data
dropped
Chrome Cache Entry: 91
PNG image data, 453 x 452, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 92
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 256x256, components 3
dropped
Chrome Cache Entry: 93
JSON data
downloaded
Chrome Cache Entry: 94
PNG image data, 126 x 127, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 95
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 96
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 97
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 98
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (49996)
downloaded
There are 73 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2308,i,12748950226977557876,12713193615664518498,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.btc1yby.blogspot.rs/"

URLs

Name
IP
Malicious
http://www.btc1yby.blogspot.rs/
malicious
https://fastsminings.top/payouts/account/
malicious
https://fastsminings.top/payouts/img/page/mine.png
91.212.166.23
 malicious
https://fastsminings.top/payouts/
malicious
https://fastsminings.top/payouts/img/bitcoin.png
91.212.166.23
 malicious
https://fastsminings.top/payouts/img/bonus.png
91.212.166.23
 malicious
https://fastsminings.top/payouts/?b=YTo0OntzOjU6ImxhYmVsIjtzOjA6IiI7czozOiJ1c3IiO2k6ODM5O3M6NDoibm9wZCI7czoxMzoicml6ZWwtb25lLnRvcCI7czoxOiJvIjtpOjE7fQ==
91.212.166.23
 malicious
https://fastsminings.top/favicon.png
91.212.166.23
https://plus.unsplash.com/premium_photo-1673507503135-79a58e3ece0d?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
https://npms.io/search?q=ponyfill.
unknown
https://fastsminings.top/img/bg/plus.svg
91.212.166.23
https://fastsminings.top/_nuxt/index.86bede48.js
91.212.166.23
https://fastsminings.top/img/coins/xrp.png
91.212.166.23
https://themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1Ox
unknown
https://stackoverflow.com/a/63763497
unknown
https://rizel-one.top/go/539433/y2
91.212.166.23
https://draft.blogger.com/feeds/2810931346558265102/posts/default
unknown
https://fastsminings.top/_nuxt/entry.4e713294.js
91.212.166.23
https://fastsminings.top/_nuxt/url.0b90d914.js
91.212.166.23
https://images.unsplash.com/photo-1599566150163-29194dcaad36?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
https://fastsminings.top/_nuxt/OnlineUsers.13b0b975.js
91.212.166.23
https://draft.blogger.com/profile/02845417518048472711
unknown
https://fastsminings.top/img/coins/litecoin.png
91.212.166.23
http://www.offset.com/photos/394244
unknown
https://images.unsplash.com/photo-1674502374937-391815503667?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
https://www.blogblog.com/indie/mspin_white_large.svg)
unknown
https://images.unsplash.com/photo-1674490364497-ee1f32e4cb4c?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
http://btc1yby.blogspot.com/
172.217.21.33
https://www.blogger.com/go/report-abuse
unknown
https://fastsminings.top/img/coins/doge.png
91.212.166.23
https://btc1yby.blogspot.com/
172.217.21.33
https://btc1yby.blogspot.com/search
unknown
https://www.blogger.com/static/v1/v-css/1964470060-lightbox_bundle.css
unknown
https://api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1732599547255
104.22.78.164
https://fastsminings.top/_nuxt/index.b71f6f30.js
91.212.166.23
https://fastsminings.top/_nuxt/withdraw.20398557.js
91.212.166.23
https://openjsf.org/
unknown
https://fastsminings.top/img/bg/circuit.svg
91.212.166.23
https://www.blogger.com/static/v1/jsbin/2646514562-lbx.js
unknown
https://api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1732599530274
104.22.78.164
https://api.coingecko.com/api/v3/simple/price?ids=bitcoin%2Cethereum%2Ccardano%2Cbitcoin-cash%2Clitecoin%2Cdogecoin%2Cripple%2Cmatic-network%2Cpolkadot%2Cbinancecoin%2Ctether%2Csolana&vs_currencies=usd&include_24hr_change=true&precision=2&1732599562223
104.22.78.164
https://fastsminings.top/_nuxt/visit.4c68a206.js
91.212.166.23
https://github.com/dicebear/dicebear/blob/v4/packages/initials/LICENSE)
unknown
https://fastsminings.top/img/coins/bnb.png
91.212.166.23
http://json-schema.org/draft-07/schema#
unknown
https://draft.blogger.com
unknown
https://creativecommons.org/licenses/by-sa/4.0/).
unknown
https://www.blogger.com/static/v1/widgets/984859869-widgets.js
unknown
https://lodash.com/
unknown
https://fastsminings.top/img/coins/ada.png
91.212.166.23
https://fastsminings.top/img/coins/bitcoin.png
91.212.166.23
https://images.unsplash.com/photo-1671116807928-2963fe1e75c1?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
https://fastsminings.top/_nuxt/client-only.11dfce23.js
91.212.166.23
https://fastsminings.top/_nuxt/entry.816a5a0f.css
91.212.166.23
https://btc1yby.blogspot.com/feeds/posts/default
unknown
https://resources.blogblog.com/blogblog/data/res/3315978748-indie_compiled.js
unknown
https://fastsminings.top/img/coins/solana.png
91.212.166.23
http://underscorejs.org/LICENSE
unknown
https://fastsminings.top/img/coins/matic.png
91.212.166.23
https://fastsminings.top/_nuxt/error-component.e8645654.js
91.212.166.23
https://images.unsplash.com/photo-1672456465401-7ba2598de4c2?b=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80
151.101.2.208
http://www.btc1yby.blogspot.rs/
172.217.17.65
https://fastsminings.top/img/coins/bch.png
91.212.166.23
http://fastsminings.top/payouts/
91.212.166.23
https://wlcksz.eu/redirect.php
91.195.13.3
https://btc1yby.blogspot.com/favicon.ico
unknown
https://btc1yby.blogspot.com/feeds/posts/default?alt=rss
unknown
https://lodash.com/license
unknown
https://fastsminings.top/img/coins/dot.png
91.212.166.23
https://fastsminings.top/img/coins/ethereum.png
91.212.166.23
https://fastsminings.top/_nuxt/dayjs.min.467dc572.js
91.212.166.23
https://www.blogblog.com/indie/mspin_black_large.svg)
unknown
http://www.offset.com/photos/394244)
unknown
https://fastsminings.top/img/coins/usdt.png
91.212.166.23
There are 63 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
fastsminings.top
91.212.166.23
 malicious
wlcksz.eu
91.195.13.3
api.coingecko.com
104.22.78.164
rizel-one.top
91.212.166.23
blogspot.l.googleusercontent.com
172.217.17.65
www.google.com
172.217.21.36
dualstack.com.imgix.map.fastly.net
151.101.2.208
www.btc1yby.blogspot.rs
unknown
btc1yby.blogspot.com
unknown
plus.unsplash.com
unknown
images.unsplash.com
unknown
There are 1 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
91.212.166.23
rizel-one.top
United Kingdom
malicious
91.195.13.3
wlcksz.eu
Poland
151.101.2.208
dualstack.com.imgix.map.fastly.net
United States
192.168.2.5
unknown
unknown
104.22.78.164
api.coingecko.com
United States
239.255.255.250
unknown
Reserved
151.101.66.208
unknown
United States
172.217.21.33
unknown
United States
172.217.17.65
blogspot.l.googleusercontent.com
United States
172.217.21.36
www.google.com
United States
172.67.12.83
unknown
United States
There are 1 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://fastsminings.top/payouts/
 malicious
https://fastsminings.top/payouts/
 malicious
https://fastsminings.top/payouts/
https://fastsminings.top/payouts/account/