IOC Report
https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US


Files

| File Path | Type | Category | Malicious | Download |
|---|---|---|---|---|
| Chrome Cache Entry: 102 | ASCII text | downloaded | | |
| Chrome Cache Entry: 103 | ASCII text, with very long lines (52276) | downloaded | | |
| Chrome Cache Entry: 104 | ASCII text, with very long lines (20912) | downloaded | | |
| Chrome Cache Entry: 106 | ASCII text, with very long lines (1700) | downloaded | | |
| Chrome Cache Entry: 107 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | dropped | | |
| Chrome Cache Entry: 108 | ASCII text, with very long lines (65356) | downloaded | | |
| Chrome Cache Entry: 109 | MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel | downloaded | | |
| Chrome Cache Entry: 110 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986 | downloaded | | |
| Chrome Cache Entry: 111 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142588 | downloaded | | |
| Chrome Cache Entry: 113 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | dropped | | |
| Chrome Cache Entry: 114 | ASCII text, with very long lines (65447) | downloaded | | |
| Chrome Cache Entry: 115 | GIF image data, version 89a, 352 x 3 | dropped | | |
| Chrome Cache Entry: 117 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | downloaded | | |
| Chrome Cache Entry: 118 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58644 | downloaded | | |
| Chrome Cache Entry: 119 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | downloaded | | |
| Chrome Cache Entry: 120 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | | |
| Chrome Cache Entry: 121 | ASCII text, with no line terminators | downloaded | | |
| Chrome Cache Entry: 122 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | downloaded | | |
| Chrome Cache Entry: 123 | GIF image data, version 89a, 352 x 3 | dropped | | |
| Chrome Cache Entry: 124 | JSON data | dropped | | |
| Chrome Cache Entry: 125 | ASCII text | downloaded | | |
| Chrome Cache Entry: 126 | ASCII text, with very long lines (31980) | downloaded | | |
| Chrome Cache Entry: 127 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424 | downloaded | | |
| Chrome Cache Entry: 129 | ASCII text, with very long lines (65299) | downloaded | | |
| Chrome Cache Entry: 130 | Unicode text, UTF-8 text, with very long lines (65342) | downloaded | | |
| Chrome Cache Entry: 137 | Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280 | downloaded | | |
| Chrome Cache Entry: 138 | ASCII text, with very long lines (646) | downloaded | | |
| Chrome Cache Entry: 86 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152 | downloaded | | |
| Chrome Cache Entry: 87 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | dropped | | |
| Chrome Cache Entry: 88 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded | | |
| Chrome Cache Entry: 91 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 455667 | downloaded | | |
| Chrome Cache Entry: 92 | ASCII text, with CRLF line terminators | downloaded | | |
| Chrome Cache Entry: 93 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | dropped | | |
| Chrome Cache Entry: 94 | PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced | downloaded | | |
| Chrome Cache Entry: 95 | HTML document, ASCII text, with very long lines (3445), with CRLF line terminators | downloaded | | |
| Chrome Cache Entry: 96 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755 | downloaded | | |
| Chrome Cache Entry: 97 | ASCII text, with very long lines (20033) | downloaded | | |
| Chrome Cache Entry: 98 | ASCII text, with no line terminators | downloaded | | |
| Chrome Cache Entry: 99 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769 | downloaded | | |

URLs


Domains


IPs
