IOC Report
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 100
Unicode text, UTF-8 text, with very long lines (680)
downloaded
Chrome Cache Entry: 101
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 102
PNG image data, 30 x 22, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 103
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 104
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
dropped
Chrome Cache Entry: 105
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 106
Unicode text, UTF-8 text, with very long lines (309)
downloaded
Chrome Cache Entry: 107
HTML document, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 108
ASCII text
downloaded
Chrome Cache Entry: 109
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
downloaded
Chrome Cache Entry: 110
PNG image data, 475 x 114, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 111
PNG image data, 9 x 5, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 112
PNG image data, 664 x 363, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 113
ASCII text, with very long lines (32030)
downloaded
Chrome Cache Entry: 114
HTML document, ASCII text, with very long lines (65526), with CRLF line terminators
downloaded
Chrome Cache Entry: 115
ASCII text, with very long lines (39660)
downloaded
Chrome Cache Entry: 116
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 117
PNG image data, 36 x 37, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 118
PNG image data, 530 x 358, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 119
PNG image data, 530 x 358, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 120
ASCII text, with very long lines (32065)
dropped
Chrome Cache Entry: 121
ASCII text, with very long lines (3907), with CRLF line terminators
downloaded
Chrome Cache Entry: 122
PNG image data, 1 x 358, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 123
Unicode text, UTF-8 text
dropped
Chrome Cache Entry: 124
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 125
PNG image data, 664 x 363, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 126
PNG image data, 475 x 114, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 127
ASCII text, with very long lines (3835)
downloaded
Chrome Cache Entry: 128
HTML document, ASCII text, with very long lines (989)
downloaded
Chrome Cache Entry: 129
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2000x1053, components 3
dropped
Chrome Cache Entry: 130
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x989, components 3
dropped
Chrome Cache Entry: 131
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 132
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x989, components 3
downloaded
Chrome Cache Entry: 133
ASCII text, with very long lines (2343)
dropped
Chrome Cache Entry: 134
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x992, components 3
dropped
Chrome Cache Entry: 135
PNG image data, 238 x 24, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 136
PNG image data, 30 x 22, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 137
PNG image data, 238 x 24, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 138
PNG image data, 664 x 363, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 139
PNG image data, 36 x 37, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 140
ASCII text, with very long lines (39660)
dropped
Chrome Cache Entry: 141
ASCII text, with very long lines (3907), with CRLF line terminators
dropped
Chrome Cache Entry: 142
PNG image data, 530 x 358, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 143
Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 144
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 145
PNG image data, 586 x 92, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 146
PNG image data, 475 x 114, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 147
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2000x1053, components 3
downloaded
Chrome Cache Entry: 148
ASCII text
dropped
Chrome Cache Entry: 149
HTML document, ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 150
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 151
PNG image data, 9 x 5, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 152
PNG image data, 1 x 358, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 153
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 154
ASCII text, with very long lines (32030)
dropped
Chrome Cache Entry: 155
ASCII text, with very long lines (3835)
dropped
Chrome Cache Entry: 156
PNG image data, 664 x 363, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 157
JSON data
downloaded
Chrome Cache Entry: 158
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 159
Unicode text, UTF-8 text, with very long lines (378), with CRLF line terminators
downloaded
Chrome Cache Entry: 160
ASCII text, with very long lines (3835)
downloaded
Chrome Cache Entry: 161
ASCII text, with very long lines (3835)
dropped
Chrome Cache Entry: 162
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 163
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 164
Web Open Font Format (Version 2), TrueType, length 696072, version 2.1966
downloaded
Chrome Cache Entry: 165
ASCII text
downloaded
Chrome Cache Entry: 166
PNG image data, 530 x 358, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 167
PNG image data, 166 x 24, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 168
Web Open Font Format (Version 2), TrueType, length 721556, version 2.1966
downloaded
Chrome Cache Entry: 169
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 170
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 93
PNG image data, 166 x 24, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 94
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 95
PNG image data, 475 x 114, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 96
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x992, components 3
downloaded
Chrome Cache Entry: 97
JSON data
dropped
Chrome Cache Entry: 98
ASCII text, with very long lines (32030)
downloaded
Chrome Cache Entry: 99
PNG image data, 586 x 92, 8-bit/color RGBA, non-interlaced
downloaded
There are 69 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=2436,i,8146624104305031454,14140284813643305396,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com"

URLs

Name
IP
Malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
malicious
https://webmail.jqswim.com/ff-vs/true/?utu=byoungjo.yoo@hyundaimovex.com
193.42.63.129
 malicious
https://stats.g.doubleclick.net/g/collect
unknown
http://stackoverflow.com/a/19465187/1081396)
unknown
https://jsfiddle.net/9s97hhzv/1/
unknown
https://themes.googleusercontent.com/static/fonts/earlyaccess/nanumgothic/v4/NanumGothic-Bold.woff2
142.250.181.65
https://www.hyundaimovex.com/images/common/bg_null.png
211.43.203.70
https://developers.google.com/web/fundamentals/accessibility/focus/using-tabindex
unknown
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
unknown
https://dns.google/resolve?name=hyundaimovex.com&type=MX
8.8.4.4
https://ampcid.google.com/v1/publisher:getClientId
unknown
https://promisesaplus.com/#point-75
unknown
https://stackoverflow.com/a/4793630/1081396
unknown
https://www.hyundaimovex.com/images/main/visu_01_txt.png
211.43.203.70
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
unknown
https://bugs.webkit.org/show_bug.cgi?id=29084
unknown
https://jsfiddle.net/w1rktecz/
unknown
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
unknown
https://github.com/eslint/eslint/issues/6125
unknown
https://www.google.com
unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
unknown
https://www.hyundaimovex.com/images/main/main_it_txt_m.png?04
211.43.203.70
https://www.hyundaimovex.com/js/placeholder.js
211.43.203.70
https://bugzilla.mozilla.org/show_bug.cgi?id=687787
unknown
https://www.hyundaimovex.com/images/main/main_logis2.jpg
211.43.203.70
https://www.openprovider.nl/images/logo_ssl_comodo.gif)
unknown
https://www.hyundaimovex.com/images/main/icon_close.png
211.43.203.70
https://stats.g.doubleclick.net/j/collect
unknown
https://www.hyundaimovex.com/images/main/btn_it.png
211.43.203.70
https://bugs.chromium.org/p/chromium/issues/detail?id=470258
unknown
https://bugs.jquery.com/ticket/13378
unknown
https://www.hyundaimovex.com/images/main/icon_menu.png
211.43.203.70
http://flowplayer.org/tools/img/overlay/white.png)
unknown
https://promisesaplus.com/#point-64
unknown
https://www.hyundaimovex.com/images/main/main_logis_txt_m.png?04
211.43.203.70
https://promisesaplus.com/#point-61
unknown
https://www.hyundaimovex.com/images/main/visu_02.jpg
211.43.203.70
http://blogs.sitepointstatic.com/examples/tech/mouse-wheel/index.html
unknown
https://github.com/udacity/ud891/blob/gh-pages/lesson2-focus/07-modals-and-keyboard-traps/solution/m
unknown
https://github.com/alvarotrigo/fullPage.js/issues/1502
unknown
https://www.hyundaimovex.com/css/index.css?1735170727
211.43.203.70
https://www.hyundaimovex.com/images/main/main_it_txt.png?04
211.43.203.70
https://jsfiddle.net/oya6ndka/4/
unknown
https://jsfiddle.net/qwzc7oy3/27/
unknown
https://jsfiddle.net/qwzc7oy3/15/
unknown
https://jsperf.com/getall-vs-sizzle/2
unknown
http://alvarotrigo.com/fullPage/pricing/
unknown
https://www.hyundaimovex.com/images/common/header_bg01.png
211.43.203.70
https://www.hyundaimovex.com/images/common/logo.png
211.43.203.70
https://icann-verification.registrar.eu/css/screen.css
93.180.71.227
https://cct.google/taggy/agent.js
unknown
http://stackoverflow.com/questions/5661671/detecting-transform-translate3d-support
unknown
https://developer.mozilla.org/en-US/docs/CSS/display
unknown
https://icann.org/
192.0.43.7
https://jquery.com/
unknown
http://stackoverflow.com/questions/22100853/dom-pure-javascript-solution-to-jquery-closest-implement
unknown
https://www.google.%/ads/ga-audiences
unknown
http://docs.jquery.com/License
unknown
https://github.com/alvarotrigo/fullPage.js/issues/194#issuecomment-34069854
unknown
https://github.com/jquery/sizzle/pull/225
unknown
https://sizzlejs.com/
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=449857
unknown
http://stackoverflow.com/a/16136789/1081396
unknown
http://www.sitepoint.com/html5-javascript-mouse-wheel/
unknown
https://www.hyundaimovex.com/images/common/logo_w.png
211.43.203.70
https://bugs.webkit.org/show_bug.cgi?id=136851
unknown
http://www.hosting-concepts.nl
unknown
http://jquery.org/license
unknown
https://www.hyundaimovex.com/js/fullpage.js
211.43.203.70
https://jsperf.com/thor-indexof-vs-for/5
unknown
https://bugs.jquery.com/ticket/12359
unknown
http://sizzlejs.com/
unknown
https://html.spec.whatwg.org/#strip-and-collapse-whitespace
unknown
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
unknown
https://www.hyundaimovex.com/css/fullpage.css
211.43.203.70
https://drafts.csswg.org/cssom/#common-serializing-idioms
unknown
https://jsfiddle.net/zexxz0tw/6/
unknown
https://stackoverflow.com/a/19316024/1081396
unknown
https://www.hyundaimovex.com/
211.43.203.70
https://github.com/jquery/jquery/pull/557)
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=378607
unknown
https://www.hyundaimovex.com/js/jquery.min.js
211.43.203.70
https://linkgrid.ink/ff/jm/php/othersm.php
198.54.116.86
https://www.hyundaimovex.com/images/main/main_it2.jpg
211.43.203.70
https://stackoverflow.com/a/21817590/1081396
unknown
https://stackoverflow.com/a/494348/1081396
unknown
https://webmail.jqswim.com/ff-vs/true/css/hover.css
193.42.63.129
https://www.hyundaimovex.com/images/main/main_logis_txt.png?04
211.43.203.70
https://drafts.csswg.org/cssom/#resolved-values
unknown
https://github.com/alvarotrigo/fullPage.js
unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=589347
unknown
https://www.hyundaimovex.com/images/main/btn_ls.png
211.43.203.70
https://code.jquery.com/jquery-3.1.1.min.js
151.101.130.137
https://www.openprovider.nl/images/logo_ssl_verisign.gif)
unknown
https://www.openprovider.nl/images/logo_ssl_thawte.gif)
unknown
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
unknown
https://themes.googleusercontent.com/static/fonts/earlyaccess/nanumgothic/v4/NanumGothic-Regular.woff2
142.250.181.65
http://alvarotrigo.com/fullPage
unknown
https://tagassistant.google.com/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
webmail.jqswim.com
193.42.63.129
 malicious
webmail.buzja.com
172.67.167.59
 malicious
gateway.lighthouse.storage
unknown
 malicious
icann.org
192.0.43.7
d1zwe7rg2uojh7.cloudfront.net
13.227.8.12
code.jquery.com
151.101.130.137
linkgrid.ink
198.54.116.86
www.google.com
172.217.21.36
icann-verification.registrar.eu
93.180.71.227
googlehosted.l.googleusercontent.com
142.250.181.65
www.hyundaimovex.com
211.43.203.70
dns.google
8.8.4.4
kit.fontawesome.com
unknown
themes.googleusercontent.com
unknown
www.icann.org
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
172.67.167.59
webmail.buzja.com
United States
malicious
193.42.63.129
webmail.jqswim.com
Germany
malicious
192.0.43.7
icann.org
United States
8.8.4.4
dns.google
United States
192.168.2.4
unknown
unknown
151.101.130.137
code.jquery.com
United States
8.8.8.8
unknown
United States
13.227.8.12
d1zwe7rg2uojh7.cloudfront.net
United States
172.217.21.36
www.google.com
United States
151.101.194.137
unknown
United States
142.250.181.65
googlehosted.l.googleusercontent.com
United States
211.43.203.70
www.hyundaimovex.com
Korea Republic of
198.54.116.86
linkgrid.ink
United States
239.255.255.250
unknown
Reserved
93.180.71.228
unknown
Netherlands
93.180.71.227
icann-verification.registrar.eu
Netherlands
There are 6 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
 malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
 malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
 malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
 malicious
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com
https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.com