IOC Report
SecureMessageAtt.html

Files

File Path
Type
Category
Malicious
SecureMessageAtt.html
HTML document, ASCII text, with CRLF line terminators
initial sample
Chrome Cache Entry: 100
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 101
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 102
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=Paint.NET v3.5.8, datetime=2003:11:17 13:40:39], baseline, precision 8, 288x100, components 3
downloaded
Chrome Cache Entry: 103
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 104
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=Paint.NET v3.5.8, datetime=2004:03:05 12:45:34], baseline, precision 8, 271x100, components 3
downloaded
Chrome Cache Entry: 105
GIF image data, version 89a, 90 x 68
dropped
Chrome Cache Entry: 106
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 107
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 170x42, components 3
dropped
Chrome Cache Entry: 108
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 109
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 110
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 111
ASCII text
dropped
Chrome Cache Entry: 112
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 113
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 114
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 115
ASCII text, with very long lines (1629)
downloaded
Chrome Cache Entry: 116
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 78
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 79
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 80
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 81
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 82
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=Paint.NET v3.5.8, datetime=2004:03:05 12:45:34], baseline, precision 8, 271x100, components 3
dropped
Chrome Cache Entry: 83
ASCII text, with very long lines (1629)
dropped
Chrome Cache Entry: 84
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 85
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 86
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 87
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 88
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 89
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 90
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 91
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 92
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=Paint.NET v3.5.8, datetime=2003:11:17 13:40:39], baseline, precision 8, 288x100, components 3
dropped
Chrome Cache Entry: 93
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 170x42, components 3
downloaded
Chrome Cache Entry: 94
ASCII text
downloaded
Chrome Cache Entry: 95
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 96
ASCII text
downloaded
Chrome Cache Entry: 97
GIF image data, version 89a, 90 x 68
downloaded
Chrome Cache Entry: 98
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 99
ASCII text, with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageAtt.html"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,17741498219799999109,6120934994770269152,262144 /prefetch:8

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

DOM / HTML

URL
Malicious