IOC Report
phish_alert_sp2_2.0.0.0-1.eml


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| phish_alert_sp2_2.0.0.0-1.eml | RFC 822 mail, ASCII text, with very long lines (2221), with CRLF line terminators | initial sample | malicious |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData\Local\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7256E2A8-0E52-42EC-B21D-288B322E43C6 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxAccountsAlwaysOnLog.etl | data | dropped | |
| C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxmAlwaysOnLog.etl | data | dropped | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://future.aue.ae/assets/antibot.js | 104.22.43.154 | |
| https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 | 104.16.80.73 | |
| https://future.aue.ae/favicon.ico | 104.22.43.154 | |
| https://future.aue.ae/cdn-cgi/rum? | 104.22.43.154 | |
| https://future.aue.ae/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.22.43.154 | |
| https://future.aue.ae/wp-includes/images/w-logo-blue-white-bg.png | 104.22.43.154 | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| knitlonger.tuopuwujin.com | 172.64.80.1 | malicious |
| static.cloudflareinsights.com | 104.16.80.73 | |
| nam04.safelinks.eop-tm2.outlook.com | 104.47.74.28 | |
| future.aue.ae | 104.22.43.154 | |
| www.google.com | 142.251.40.228 | |
| s-0005.dual-s-dc-msedge.net | 52.123.131.14 | |
| nam04.safelinks.protection.outlook.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 172.64.80.1 | knitlonger.tuopuwujin.com | United States | malicious |