IOC Report
http://l9sa.github.io/


Files

File Path | Type | Category | Malicious
--- | --- | --- | ---
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3272_1292434547\LICENSE | ASCII text | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3272_1292434547\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3272_1292434547\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3272_1292434547\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3272_1292434547\sets.json | JSON data | dropped |
Chrome Cache Entry: 193 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped |
Chrome Cache Entry: 194 | ASCII text, with very long lines (15396) | downloaded |
Chrome Cache Entry: 195 | PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 196 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 197 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866 | dropped |
Chrome Cache Entry: 198 | PNG image data, 32 x 32, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 199 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded |
Chrome Cache Entry: 200 | ASCII text, with very long lines (3637) | downloaded |
Chrome Cache Entry: 201 | ASCII text, with very long lines (65324) | downloaded |
Chrome Cache Entry: 202 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded |
Chrome Cache Entry: 203 | HTML document, Unicode text, UTF-8 text, with very long lines (23190), with CRLF line terminators | downloaded |
Chrome Cache Entry: 204 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded |
Chrome Cache Entry: 205 | PNG image data, 1704 x 1188, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 206 | ASCII text, with very long lines (27557) | downloaded |
Chrome Cache Entry: 207 | PNG image data, 1446 x 906, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 208 | ASCII text, with very long lines (65402) | downloaded |
Chrome Cache Entry: 209 | ASCII text, with very long lines (52064) | downloaded |
Chrome Cache Entry: 210 | ASCII text, with very long lines (65460) | dropped |
Chrome Cache Entry: 211 | ASCII text, with very long lines (2824) | downloaded |
Chrome Cache Entry: 212 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 213 | Unicode text, UTF-8 (with BOM) text, with very long lines (5167), with no line terminators | downloaded |
Chrome Cache Entry: 214 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 215 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 216 | ASCII text, with very long lines (2674) | downloaded |
Chrome Cache Entry: 217 | ASCII text, with very long lines (503) | downloaded |
Chrome Cache Entry: 218 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 219 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 220 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866 | downloaded |
Chrome Cache Entry: 221 | Unicode text, UTF-8 (with BOM) text, with very long lines (65513), with no line terminators | downloaded |
Chrome Cache Entry: 222 | JSON data | dropped |
Chrome Cache Entry: 223 | Web Open Font Format (Version 2), TrueType, length 45108, version 1.0 | downloaded |
Chrome Cache Entry: 224 | ASCII text, with very long lines (65297) | downloaded |
Chrome Cache Entry: 225 | ASCII text, with very long lines (65398) | downloaded |
Chrome Cache Entry: 226 | ASCII text, with very long lines (65398) | dropped |
Chrome Cache Entry: 227 | Unicode text, UTF-8 text, with very long lines (45900) | downloaded |
Chrome Cache Entry: 228 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 229 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881 | downloaded |
Chrome Cache Entry: 230 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 231 | ASCII text, with very long lines (15396) | dropped |
Chrome Cache Entry: 232 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 233 | ASCII text, with very long lines (2230), with no line terminators | downloaded |
Chrome Cache Entry: 234 | ASCII text, with very long lines (2344), with no line terminators | downloaded |
Chrome Cache Entry: 235 | ASCII text, with very long lines (56994) | downloaded |
Chrome Cache Entry: 236 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 237 | ASCII text, with very long lines (65402) | dropped |
Chrome Cache Entry: 238 | ASCII text, with very long lines (65394) | dropped |
Chrome Cache Entry: 239 | ASCII text, with very long lines (3637) | dropped |
Chrome Cache Entry: 240 | PNG image data, 297 x 166, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 241 | HTML document, Unicode text, UTF-8 text | downloaded |
Chrome Cache Entry: 242 | PNG image data, 1446 x 906, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 243 | ASCII text, with very long lines (4873), with no line terminators | downloaded |
Chrome Cache Entry: 244 | Web Open Font Format (Version 2), TrueType, length 13576, version 330.-16253 | downloaded |
Chrome Cache Entry: 245 | ASCII text, with very long lines (2824) | dropped |
Chrome Cache Entry: 246 | Unicode text, UTF-8 text, with very long lines (45900) | dropped |
Chrome Cache Entry: 247 | JSON data | dropped |
Chrome Cache Entry: 248 | PNG image data, 3840 x 2158, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 249 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 250 | PNG image data, 297 x 166, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 251 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 252 | Web Open Font Format (Version 2), TrueType, length 36748, version 0.0 | downloaded |
Chrome Cache Entry: 253 | Unicode text, UTF-8 (with BOM) text, with very long lines (26071), with no line terminators | downloaded |
Chrome Cache Entry: 254 | Unicode text, UTF-8 (with BOM) text, with very long lines (10387), with no line terminators | downloaded |
Chrome Cache Entry: 255 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 256 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881 | dropped |
Chrome Cache Entry: 257 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped |
Chrome Cache Entry: 258 | Unicode text, UTF-8 text, with very long lines (64241) | downloaded |
Chrome Cache Entry: 259 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 260 | ASCII text, with very long lines (1789), with no line terminators | downloaded |
Chrome Cache Entry: 261 | ASCII text, with very long lines (4370), with no line terminators | downloaded |
Chrome Cache Entry: 262 | ASCII text, with very long lines (2974), with no line terminators | downloaded |
Chrome Cache Entry: 263 | ASCII text, with very long lines (17287), with no line terminators | downloaded |
Chrome Cache Entry: 264 | ASCII text, with very long lines (65451) | dropped |
Chrome Cache Entry: 265 | PNG image data, 3840 x 2158, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 266 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 267 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 268 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 269 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 270 | Unicode text, UTF-8 (with BOM) text, with very long lines (12305), with no line terminators | downloaded |
Chrome Cache Entry: 271 | PNG image data, 32 x 32, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 272 | ASCII text, with very long lines (65394) | downloaded |
Chrome Cache Entry: 273 | ASCII text, with very long lines (65297) | dropped |
Chrome Cache Entry: 274 | PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 275 | ASCII text, with very long lines (2674) | dropped |
Chrome Cache Entry: 276 | ASCII text, with very long lines (34235), with CRLF, LF line terminators | dropped |
Chrome Cache Entry: 277 | ASCII text, with very long lines (30237) | dropped |
Chrome Cache Entry: 278 | JSON data | dropped |
Chrome Cache Entry: 279 | ASCII text, with very long lines (6125), with no line terminators | downloaded |
Chrome Cache Entry: 280 | ASCII text, with very long lines (780), with no line terminators | downloaded |
Chrome Cache Entry: 281 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 282 | ASCII text, with very long lines (42133) | downloaded |
Chrome Cache Entry: 283 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 284 | ASCII text, with very long lines (34235), with CRLF, LF line terminators | downloaded |
Chrome Cache Entry: 285 | ASCII text, with very long lines (65460) | downloaded |
Chrome Cache Entry: 286 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | downloaded |
Chrome Cache Entry: 287 | PNG image data, 262 x 96, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 288 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 289 | Unicode text, UTF-8 text, with very long lines (56015) | downloaded |
Chrome Cache Entry: 290 | ASCII text, with very long lines (65451) | dropped |
Chrome Cache Entry: 291 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678 | dropped |
Chrome Cache Entry: 292 | PNG image data, 594 x 332, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 293 | PNG image data, 1704 x 1188, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 294 | Unicode text, UTF-8 text, with very long lines (56015) | dropped |
Chrome Cache Entry: 295 | HTML document, ASCII text, with very long lines (918) | downloaded |
Chrome Cache Entry: 296 | Web Open Font Format (Version 2), TrueType, length 29888, version 0.0 | downloaded |
Chrome Cache Entry: 297 | ASCII text, with very long lines (503) | dropped |
Chrome Cache Entry: 298 | Web Open Font Format, TrueType, length 26288, version 0.0 | downloaded |
Chrome Cache Entry: 299 | HTML document, ASCII text, with very long lines (2639), with CRLF line terminators | downloaded |
Chrome Cache Entry: 300 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 301 | PNG image data, 262 x 96, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 302 | ASCII text, with very long lines (30237) | downloaded |
Chrome Cache Entry: 303 | ASCII text, with very long lines (52064) | dropped |
Chrome Cache Entry: 304 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678 | downloaded |
Chrome Cache Entry: 305 | ASCII text, with very long lines (42133) | dropped |
Chrome Cache Entry: 306 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped |
Chrome Cache Entry: 307 | ASCII text, with very long lines (17287), with no line terminators | dropped |
Chrome Cache Entry: 308 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 309 | ASCII text, with very long lines (3385), with no line terminators | downloaded |
Chrome Cache Entry: 310 | ASCII text, with no line terminators | downloaded |

114 further files are not shown in this export of the report.

Processes

Path | Cmdline | Malicious
--- | --- | ---
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2256,i,18392607891102522475,18317958788277072276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://l9sa.github.io/" |

URLs

Name | IP | Malicious
--- | --- | ---
http://l9sa.github.io/ |  | malicious
https://l9sa.github.io/assets/css/styles.min.css | 185.199.108.153 | malicious
https://wieistmeineip.de | unknown |
https://mercadoshops.com.co | unknown |
https://gliadomain.com | unknown |
https://poalim.xyz | unknown |
https://mercadolivre.com | unknown |
https://client.hsprotect.net/PXzC5j78di/main.min.js | unknown |
https://reshim.org | unknown |
https://nourishingpursuits.com | unknown |
https://medonet.pl | unknown |
https://unotv.com | unknown |
https://mercadoshops.com.br | unknown |
https://joyreactor.cc | unknown |
https://icons8.com/line-awesome | unknown |
https://zdrowietvn.pl | unknown |
https://johndeere.com | unknown |
https://fontawesome.com | unknown |
https://songstats.com | unknown |
https://baomoi.com | unknown |
https://supereva.it | unknown |
https://elfinancierocr.com | unknown |
https://github.com/twbs/bootstrap/graphs/contributors) | unknown |
https://bolasport.com | unknown |
https://rws1nvtvt.com | unknown |
https://desimartini.com | unknown |
https://hearty.app | unknown |
https://hearty.gift | unknown |
https://mercadoshops.com | unknown |
https://heartymail.com | unknown |
https://nlc.hu | unknown |
https://p106.net | unknown |
https://radio2.be | unknown |
https://finn.no | unknown |
https://hc1.com | unknown |
https://kompas.tv | unknown |
https://mystudentdashboard.com | unknown |
https://songshare.com | unknown |
https://smaker.pl | unknown |
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js | 13.107.246.45 |
https://mercadopago.com.mx | unknown |
https://p24.hu | unknown |
https://talkdeskqaid.com | unknown |
https://24.hu | unknown |
https://mercadopago.com.pe | unknown |
https://cardsayings.net | unknown |
https://mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meCore.min.js | 13.107.246.60 |
https://text.com | unknown |
https://mightytext.net | unknown |
https://pudelek.pl | unknown |
https://hazipatika.com | unknown |
https://joyreactor.com | unknown |
https://cookreactor.com | unknown |
https://wildixin.com | unknown |
https://eworkbookcloud.com | unknown |
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js | 104.17.25.14 |
https://cognitiveai.ru | unknown |
https://github.com/douglascrockford/JSON-js | unknown |
https://nacion.com | unknown |
https://chennien.com | unknown |
https://discord.com/api/webhooks/1148571982691053641/GtFJLiLbLplmA_5L5J7VxuFVyUYHT9PQS-KJXLqwu0D9ZHD | unknown |
https://drimer.travel | unknown |
https://deccoria.pl | unknown |
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css | 104.17.25.14 |
https://twitter.com/icons_8 | unknown |
https://mercadopago.cl | unknown |
https://plus.google.com/ | unknown |
https://talkdeskstgid.com | unknown |
https://naukri.com | unknown |
http://www.opensource.org/licenses/mit-license.php) | unknown |
https://interia.pl | unknown |
https://bonvivir.com | unknown |
https://carcostadvisor.be | unknown |
https://salemovetravel.com | unknown |
https://sapo.io | unknown |
https://wpext.pl | unknown |
https://welt.de | unknown |
https://poalim.site | unknown |
https://drimer.io | unknown |
https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown |
https://infoedgeindia.com | unknown |
https://blackrockadvisorelite.it | unknown |
https://cognitive-ai.ru | unknown |
https://cafemedia.com | unknown |
https://graziadaily.co.uk | unknown |
https://thirdspace.org.au | unknown |
https://mercadoshops.com.ar | unknown |
https://smpn106jkt.sch.id | unknown |
https://elpais.uy | unknown |
https://landyrev.com | unknown |
https://icons8.com/good-boy-license/ | unknown |
https://the42.ie | unknown |
https://mem.gfx.ms/scripts/me/MeControl/10.24086.4/en-US/meBoot.min.js | 13.107.246.60 |
https://commentcamarche.com | unknown |
https://tucarro.com.ve | unknown |
https://rws3nvtvt.com | unknown |
https://eleconomista.net | unknown |
https://helpdesk.com | unknown |
https://mercadolivre.com.br | unknown |
https://clmbtech.com | unknown |
https://standardsandpraiserepurpose.com | unknown |

90 further URLs are not shown in this export of the report.

Domains

Name | IP | Malicious
--- | --- | ---
s-part-0016.t-0009.t-msedge.net | 13.107.246.44 |
sni1gl.wpc.alphacdn.net | 152.199.21.175 |
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |
s-part-0045.t-0009.t-msedge.net | 13.107.246.73 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |
l9sa.github.io | 185.199.109.153 |
s-part-0029.t-0009.t-msedge.net | 13.107.246.57 |
s-part-0014.t-0009.t-msedge.net | 13.107.246.42 |
inbound-weighted.protechts.net | 35.190.10.96 |
cdnjs.cloudflare.com | 104.17.25.14 |
sni1gl.wpc.omegacdn.net | 152.199.21.175 |
www.google.com | 216.58.206.68 |
stk.hsprotect.net | 34.107.199.61 |
1220595937.rsc.cdn77.org | 207.211.211.27 |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 |
js.monitor.azure.com | unknown |
signup.live.com | unknown |
collector-pxzc5j78di.hsprotect.net | unknown |
aadcdn.msftauth.net | unknown |
logincdn.msftauth.net | unknown |
mem.gfx.ms | unknown |
use.fontawesome.com | unknown |
client.hsprotect.net | unknown |
c.s-microsoft.com | unknown |
maxcdn.icons8.com | unknown |
msft.hsprotect.net | unknown |
support.content.office.net | unknown |
login.microsoftonline.com | unknown |
fpt.live.com | unknown |
acctcdn.msftauth.net | unknown |

20 further domains are not shown in this export of the report.

IPs

IP | Domain | Country | Malicious
--- | --- | --- | ---
13.107.246.42 | s-part-0014.t-0009.t-msedge.net | United States |
35.190.10.96 | inbound-weighted.protechts.net | United States |
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States |
13.107.246.44 | s-part-0016.t-0009.t-msedge.net | United States |
192.168.2.4 | unknown | unknown |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States |
192.168.2.5 | unknown | unknown |
34.107.199.61 | stk.hsprotect.net | United States |
104.17.24.14 | unknown | United States |
13.107.246.73 | s-part-0045.t-0009.t-msedge.net | United States |
13.107.246.57 | s-part-0029.t-0009.t-msedge.net | United States |
185.199.109.153 | l9sa.github.io | Netherlands |
216.58.206.68 | www.google.com | United States |
239.255.255.250 | unknown | Reserved |
207.211.211.27 | 1220595937.rsc.cdn77.org | United States |
152.199.21.175 | sni1gl.wpc.alphacdn.net | United States |
185.199.108.153 | unknown | Netherlands |
104.17.25.14 | cdnjs.cloudflare.com | United States |

8 further IPs are not shown in this export of the report.

DOM / HTML

URL | Malicious
--- | ---
https://l9sa.github.io/ |
https://signup.live.com/?lic=1 (listed 8 times) |
https://support.microsoft.com/en-us/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0 (listed 10 times) |

9 further DOM entries are not shown in this export of the report.