IOC Report
http://whoatscpp.com/

Files

File Path
Type
Category
Malicious
Download
Chrome Cache Entry: 51
gzip compressed data, from Unix, original size modulo 2^32 288619
downloaded
Chrome Cache Entry: 52
gzip compressed data, from Unix, original size modulo 2^32 88534
downloaded
Chrome Cache Entry: 53
gzip compressed data, from Unix, original size modulo 2^32 10105
downloaded
Chrome Cache Entry: 54
gzip compressed data, from Unix, original size modulo 2^32 176618
dropped
Chrome Cache Entry: 55
gzip compressed data, from Unix, original size modulo 2^32 41279
downloaded
Chrome Cache Entry: 56
gzip compressed data, from Unix, original size modulo 2^32 259746
dropped
Chrome Cache Entry: 57
gzip compressed data, from Unix, original size modulo 2^32 15337
downloaded
Chrome Cache Entry: 58
gzip compressed data, from Unix, original size modulo 2^32 259746
downloaded
Chrome Cache Entry: 59
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
downloaded
Chrome Cache Entry: 60
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
dropped
Chrome Cache Entry: 61
gzip compressed data, from Unix, original size modulo 2^32 1727
downloaded
Chrome Cache Entry: 62
gzip compressed data, from Unix, original size modulo 2^32 373253
downloaded
Chrome Cache Entry: 63
gzip compressed data, from Unix, original size modulo 2^32 1079
downloaded
Chrome Cache Entry: 64
gzip compressed data, from Unix, original size modulo 2^32 11389
downloaded
Chrome Cache Entry: 65
gzip compressed data, from Unix, original size modulo 2^32 88534
dropped
Chrome Cache Entry: 66
gzip compressed data, from Unix, original size modulo 2^32 176618
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2316,i,7123596082075722532,14133485325710686952,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://whoatscpp.com/"

URLs

Name
IP
Malicious
http://whoatscpp.com/
malicious
http://whoatscpp.com/assets/duihao.DpUdSGAZ.js
134.122.177.183
malicious
http://whoatscpp.com/static/img/en/tips-android.png
134.122.177.183
malicious
http://whoatscpp.com/assets/wx_bg-D5K1m_Ya.png
134.122.177.183
malicious
http://whoatscpp.com/assets/favicon-DHKtsd26.ico
134.122.177.183
malicious
http://whoatscpp.com/assets/pages-index-index.DWPOidsK.js
134.122.177.183
malicious
http://whoatscpp.com/assets/uni.ba463125.css
134.122.177.183
malicious
http://whoatscpp.com/static/img/en/tips-iphone.png
134.122.177.183
malicious
http://whoatscpp.com/assets/index-Bwr7eIwN.css
134.122.177.183
malicious
http://whoatscpp.com/assets/index-ChhF0gOo.js
134.122.177.183
malicious
http://whoatscpp.com/
134.122.177.183
malicious
http://whoatscpp.com/assets/index-BJcR9W56.css
134.122.177.183
malicious
http://whoatscpp.com/#/
malicious
http://whoatscpp.com/assets/duihao-UdTaxWoi.css
134.122.177.183
malicious

Domains

Name
IP
Malicious
kf.441jv.com
202.162.99.76
whoatscpp.com
134.122.177.183
beacons-handoff.gcp.gvt2.com
142.250.180.99
www.google.com
142.250.186.68
beacons.gvt2.com
142.250.180.67
cdn.dcloud.net.cn
124.220.205.65
beacons6.gvt2.com
216.58.206.67
beacons.gcp.gvt2.com
unknown

IPs

IP
Domain
Country
Malicious
142.250.186.68
www.google.com
United States
202.162.99.76
kf.441jv.com
Singapore
134.122.177.183
whoatscpp.com
United States
192.168.2.4
unknown
unknown
192.168.2.5
unknown
unknown
142.250.186.131
unknown
United States
124.220.205.65
cdn.dcloud.net.cn
China

DOM / HTML

URL
Malicious
http://whoatscpp.com/#/
malicious
http://whoatscpp.com/#/