IOC Report
https://corsairfinanceirelandno2dac.com/

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 100
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 101
data
dropped
Chrome Cache Entry: 102
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
downloaded
Chrome Cache Entry: 103
ASCII text, with very long lines (6391)
downloaded
Chrome Cache Entry: 104
ASCII text, with very long lines (6472)
dropped
Chrome Cache Entry: 105
ASCII text, with very long lines (65447)
dropped
Chrome Cache Entry: 106
ASCII text, with very long lines (2614), with no line terminators
downloaded
Chrome Cache Entry: 107
ASCII text, with very long lines (53869)
dropped
Chrome Cache Entry: 108
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 109
ASCII text, with very long lines (6472)
downloaded
Chrome Cache Entry: 110
data
downloaded
Chrome Cache Entry: 71
ASCII text, with very long lines (5983), with no line terminators
downloaded
Chrome Cache Entry: 72
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 73
ASCII text, with very long lines (1391)
dropped
Chrome Cache Entry: 74
ASCII text, with very long lines (65501)
downloaded
Chrome Cache Entry: 75
HTML document, Unicode text, UTF-8 text, with very long lines (10112), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 76
HTML document, ASCII text, with very long lines (689)
downloaded
Chrome Cache Entry: 77
ASCII text, with very long lines (28524)
downloaded
Chrome Cache Entry: 78
ASCII text, with very long lines (1391)
downloaded
Chrome Cache Entry: 79
ASCII text, with very long lines (1088)
dropped
Chrome Cache Entry: 80
ASCII text, with very long lines (58981)
downloaded
Chrome Cache Entry: 81
ASCII text, with very long lines (18798)
downloaded
Chrome Cache Entry: 82
HTML document, Unicode text, UTF-8 text, with very long lines (10112)
downloaded
Chrome Cache Entry: 83
ASCII text, with very long lines (582), with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 84
ASCII text, with very long lines (316)
downloaded
Chrome Cache Entry: 85
ASCII text, with very long lines (4272)
dropped
Chrome Cache Entry: 86
ASCII text, with very long lines (6026)
downloaded
Chrome Cache Entry: 87
ASCII text, with very long lines (53869)
downloaded
Chrome Cache Entry: 88
ASCII text, with very long lines (18798)
dropped
Chrome Cache Entry: 89
HTML document, Unicode text, UTF-8 text, with very long lines (10112)
downloaded
Chrome Cache Entry: 90
ASCII text, with very long lines (4272)
downloaded
Chrome Cache Entry: 91
HTML document, ASCII text, with very long lines (689)
downloaded
Chrome Cache Entry: 92
ASCII text, with very long lines (3165)
downloaded
Chrome Cache Entry: 93
HTML document, ASCII text
downloaded
Chrome Cache Entry: 94
ASCII text, with very long lines (316)
dropped
Chrome Cache Entry: 95
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
downloaded
Chrome Cache Entry: 96
ASCII text
downloaded
Chrome Cache Entry: 97
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 98
ASCII text, with very long lines (1088)
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (895), with no line terminators
downloaded
There are 31 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1928,i,1135030793279660961,1927055234735671034,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://corsairfinanceirelandno2dac.com/"

URLs

Name
IP
Malicious
https://corsairfinanceirelandno2dac.com/
https://corsairfinanceirelandno2dac.com/wp-content/uploads/fonts/montserrat/latin/Montserrat-VariableFont_wght.woff2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-admin/js/user-profile.min.js?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/contact/
https://corsairfinanceirelandno2dac.com/wp-content/plugins/oxygen/component-framework/oxygen.css?ver=4.9
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-admin/css/l10n.min.css?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-content/uploads/fonts/ma_customfonts.css?ver=e71414f8
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-admin/js/password-strength-meter.min.js?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-login.php
https://corsairfinanceirelandno2dac.com/wp-includes/js/wp-util.min.js?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-content/themes/oxygen-is-not-a-theme/assets/fonts/ibm-ple
unknown
https://corsairfinanceirelandno2dac.com/wp-content/uploads/oxygen/css/15.css?cache=1727275541&ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-json/wp/v2/pages/31
unknown
https://corsairfinanceirelandno2dac.com/favicon.ico
213.171.203.211
https://corsairfinanceirelandno2dac.com/comments/feed/
unknown
https://corsairfinanceirelandno2dac.com/wp-admin/edit.php?post_type=document
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-content/themes/oxygen-is-not-a-theme/assets/fonts/source-
unknown
https://corsairfinanceirelandno2dac.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-admin/
unknown
https://corsairfinanceirelandno2dac.com/wp-content/uploads/oxygen/css/18.css?cache=1727275541&ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/documents-archive/
https://corsairfinanceirelandno2dac.com/wp-includes/js/zxcvbn.min.js
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-json/
unknown
https://corsairfinanceirelandno2dac.com/wp-content/themes/oxygen-is-not-a-theme/assets/fonts/dm-sans
unknown
https://corsairfinanceirelandno2dac.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
213.171.203.211
https://corsairfinanceirelandno2dac.com/?p=28
unknown
https://corsairfinanceirelandno2dac.com/wp-content/themes/oxygen-is-not-a-theme/assets/fonts/inter/I
unknown
https://corsairfinanceirelandno2dac.com/wp-content/uploads/oxygen/css/universal.css?cache=1727275539&ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-includes/css/buttons.min.css?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-json/wp/v2/pages/28
unknown
https://corsairfinanceirelandno2dac.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18
213.171.203.211
https://api.w.org/
unknown
https://corsairfinanceirelandno2dac.com/wp-admin/css/forms.min.css?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-content/uploads/oxygen/css/31.css?cache=1727275539&ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-login.php?redirect_to=https%3A%2F%2Fcorsairfinanceirelandno2dac.com%2Fwp-admin%2Fedit.php%3Fpost_type%3Ddocument&reauth=1
https://corsairfinanceirelandno2dac.com/wp-includes/js/underscore.min.js?ver=1.13.4
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-login.php?action=lostpassword
https://corsairfinanceirelandno2dac.com/?p=31
unknown
https://corsairfinanceirelandno2dac.com/wp-admin/css/login.min.css?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/
https://corsairfinanceirelandno2dac.com/feed/
unknown
https://corsairfinanceirelandno2dac.com/wp-includes/js/zxcvbn-async.min.js?ver=1.0
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-content/uploads/oxygen/css/28.css?cache=1727275540&ver=6.6.2
213.171.203.211
https://en-gb.wordpress.org/
unknown
https://corsairfinanceirelandno2dac.com/wp-includes/css/dashicons.min.css?ver=6.6.2
213.171.203.211
https://corsairfinanceirelandno2dac.com/wp-json/wp/v2/pages/18
unknown
https://corsairfinanceirelandno2dac.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fcorsairfinanceire
unknown
https://corsairfinanceirelandno2dac.com/xmlrpc.php?rsd
unknown
https://corsairfinanceirelandno2dac.com/wp-content/uploads/fonts/open-sans/latin/OpenSans-VariableFont_wght.woff2
213.171.203.211
https://github.com/dropbox/zxcvbn
unknown
https://corsairfinanceirelandno2dac.com/wp-content/plugins/oxygen/component-framework/oxygen.css?ver
unknown
There are 40 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
corsairfinanceirelandno2dac.com
213.171.203.211
www.google.com
216.58.206.36
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
239.255.255.250
unknown
Reserved
213.171.203.211
corsairfinanceirelandno2dac.com
United Kingdom
192.168.2.4
unknown
unknown
216.58.206.36
www.google.com
United States

DOM / HTML

URL
Malicious
https://corsairfinanceirelandno2dac.com/
https://corsairfinanceirelandno2dac.com/documents-archive/
https://corsairfinanceirelandno2dac.com/contact/
https://corsairfinanceirelandno2dac.com/wp-login.php?redirect_to=https%3A%2F%2Fcorsairfinanceirelandno2dac.com%2Fwp-admin%2Fedit.php%3Fpost_type%3Ddocument&reauth=1
https://corsairfinanceirelandno2dac.com/wp-login.php?action=lostpassword
https://corsairfinanceirelandno2dac.com/wp-login.php