IOC Report
https://notes.hive.com/?workspaceId=kr3Aqn9Lc8FeMK9ca&notebookId=9woJR3r4bJz9Thzka&shareToken=6689549e3fef68b37161a764f0513cfa40edcac4d30cd3ab4fdae634125b9152


Files

File Path | Type | Category | Malicious
(the Malicious column is empty for every row shown in this extract)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:25:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:25:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:25:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:25:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 18:25:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
Chrome Cache Entry: 133 | ASCII text, with very long lines (64448) | downloaded
Chrome Cache Entry: 135 | Web Open Font Format (Version 2), CFF, length 80652, version 1.0 | downloaded
Chrome Cache Entry: 136 | ASCII text, with very long lines (11450) | dropped
Chrome Cache Entry: 140 | ASCII text | dropped
Chrome Cache Entry: 141 | ASCII text, with very long lines (11450) | dropped
Chrome Cache Entry: 142 | ASCII text | downloaded
Chrome Cache Entry: 145 | JSON data | dropped
Chrome Cache Entry: 146 | Unicode text, UTF-8 text, with very long lines (38292) | dropped
Chrome Cache Entry: 147 | ASCII text | dropped
Chrome Cache Entry: 148 | ASCII text, with very long lines (15802) | downloaded
Chrome Cache Entry: 149 | ASCII text, with very long lines (31995) | dropped
Chrome Cache Entry: 151 | Unicode text, UTF-8 text, with very long lines (65504), with no line terminators | downloaded
Chrome Cache Entry: 153 | ASCII text, with very long lines (52592) | downloaded
Chrome Cache Entry: 154 | ASCII text, with very long lines (4907), with no line terminators | downloaded
Chrome Cache Entry: 156 | gzip compressed data, from Unix, original size modulo 2^32 622130 | downloaded
Chrome Cache Entry: 157 | ASCII text, with very long lines (5478), with no line terminators | downloaded
Chrome Cache Entry: 158 | ASCII text, with very long lines (340) | dropped
Chrome Cache Entry: 159 | HTML document, ASCII text, with very long lines (2592), with no line terminators | dropped
Chrome Cache Entry: 161 | HTML document, ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 163 | ASCII text, with very long lines (1490) | downloaded
Chrome Cache Entry: 166 | JSON data | dropped
Chrome Cache Entry: 168 | ASCII text | dropped
Chrome Cache Entry: 169 | ASCII text, with very long lines (5552) | dropped
Chrome Cache Entry: 170 | ASCII text, with very long lines (65371) | downloaded
Chrome Cache Entry: 173 | Unicode text, UTF-8 text, with very long lines (9928), with no line terminators | dropped
Chrome Cache Entry: 174 | gzip compressed data, from Unix, original size modulo 2^32 3013 | dropped
Chrome Cache Entry: 175 | ASCII text, with very long lines (11450) | downloaded
Chrome Cache Entry: 176 | ASCII text, with very long lines (65393) | downloaded
Chrome Cache Entry: 177 | HTML document, ASCII text, with very long lines (598), with CRLF line terminators | downloaded
Chrome Cache Entry: 178 | Unicode text, UTF-8 text, with very long lines (7592), with no line terminators | dropped
Chrome Cache Entry: 182 | JSON data | dropped
Chrome Cache Entry: 183 | GIF image data, version 89a, 1 x 1 | dropped
Chrome Cache Entry: 184 | XML 1.0 document, ASCII text | downloaded
Chrome Cache Entry: 185 | ASCII text, with CRLF line terminators | downloaded
Chrome Cache Entry: 187 | ASCII text, with very long lines (5206), with no line terminators | dropped
Chrome Cache Entry: 188 | Unicode text, UTF-8 text, with very long lines (516) | downloaded
Chrome Cache Entry: 189 | gzip compressed data, was "tmpn38be2p_", last modified: Wed Oct 9 15:23:15 2024, max compression, original size modulo 2^32 291442 | downloaded
Chrome Cache Entry: 190 | gzip compressed data, from Unix, original size modulo 2^32 5530 | downloaded
Chrome Cache Entry: 191 | Unicode text, UTF-8 text, with very long lines (4570) | dropped
Chrome Cache Entry: 193 | ASCII text, with very long lines (9198) | downloaded
Chrome Cache Entry: 194 | ASCII text, with very long lines (4908), with no line terminators | dropped
Chrome Cache Entry: 196 | ASCII text, with no line terminators | dropped
Chrome Cache Entry: 198 | ASCII text, with very long lines (354), with CRLF line terminators | dropped
Chrome Cache Entry: 204 | JSON data | dropped
Chrome Cache Entry: 207 | HTML document, ASCII text, with very long lines (1144), with no line terminators | downloaded
Chrome Cache Entry: 208 | ASCII text, with very long lines (6187) | dropped
Chrome Cache Entry: 209 | JSON data | downloaded
Chrome Cache Entry: 211 | ASCII text | dropped
Chrome Cache Entry: 212 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 213 | Unicode text, UTF-8 text, with very long lines (4570) | downloaded
Chrome Cache Entry: 214 | ASCII text, with very long lines (755), with no line terminators | dropped
Chrome Cache Entry: 216 | GIF image data, version 89a, 1 x 1 | dropped
Chrome Cache Entry: 217 | ASCII text, with very long lines (1389), with no line terminators | downloaded
Chrome Cache Entry: 219 | gzip compressed data, from Unix, original size modulo 2^32 2960 | downloaded
Chrome Cache Entry: 223 | gzip compressed data, from Unix, original size modulo 2^32 46438 | downloaded
Chrome Cache Entry: 224 | ASCII text, with very long lines (64952) | dropped
Chrome Cache Entry: 225 | gzip compressed data, from Unix, original size modulo 2^32 10441 | dropped
Chrome Cache Entry: 226 | gzip compressed data, max compression, from Unix, original size modulo 2^32 71723 | dropped
Chrome Cache Entry: 227 | ASCII text, with very long lines (5613), with no line terminators | downloaded
Chrome Cache Entry: 228 | ASCII text, with very long lines (65502) | dropped
Chrome Cache Entry: 231 | gzip compressed data, from Unix, original size modulo 2^32 4271 | dropped
Chrome Cache Entry: 232 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | dropped
Chrome Cache Entry: 234 | ASCII text, with very long lines (11450) | dropped
Chrome Cache Entry: 237 | Unicode text, UTF-8 text, with very long lines (4290), with no line terminators | dropped
Chrome Cache Entry: 242 | ASCII text | downloaded
Chrome Cache Entry: 246 | gzip compressed data, from Unix, original size modulo 2^32 2712 | downloaded
Chrome Cache Entry: 252 | Unicode text, UTF-8 text, with very long lines (50522), with no line terminators | downloaded
Chrome Cache Entry: 255 | ASCII text, with very long lines (11450) | downloaded
Chrome Cache Entry: 257 | ASCII text, with very long lines (971), with no line terminators | dropped
Chrome Cache Entry: 259 | Unicode text, UTF-8 text, with very long lines (41169) | downloaded
Chrome Cache Entry: 260 | gzip compressed data, original size modulo 2^32 6631 | downloaded
Chrome Cache Entry: 263 | gzip compressed data, from Unix, original size modulo 2^32 3516 | dropped
Chrome Cache Entry: 264 | ASCII text, with very long lines (3024) | downloaded
Chrome Cache Entry: 267 | ASCII text, with very long lines (9217) | downloaded
Chrome Cache Entry: 269 | gzip compressed data, from Unix, original size modulo 2^32 3759 | downloaded
Chrome Cache Entry: 270 | gzip compressed data, from Unix, original size modulo 2^32 5144 | downloaded
Chrome Cache Entry: 271 | ASCII text, with very long lines (11450) | downloaded
Chrome Cache Entry: 273 | gzip compressed data, from Unix, original size modulo 2^32 859947 | dropped
Chrome Cache Entry: 276 | ASCII text, with very long lines (65536), with no line terminators | dropped
Chrome Cache Entry: 277 | ASCII text, with very long lines (672) | downloaded
Chrome Cache Entry: 279 | Unicode text, UTF-8 text, with very long lines (65445) | dropped
Chrome Cache Entry: 280 | gzip compressed data, from Unix, original size modulo 2^32 6697 | dropped
Chrome Cache Entry: 281 | HTML document, ASCII text, with very long lines (598), with CRLF line terminators | dropped
Chrome Cache Entry: 282 | JSON data | dropped
81 further files are not shown in this extract.

URLs

Name | IP | Malicious
(the IP and Malicious columns are empty in this extract)
https://notes.hive.com/?workspaceId=kr3Aqn9Lc8FeMK9ca&notebookId=9woJR3r4bJz9Thzka&shareToken=6689549e3fef68b37161a764f0513cfa40edcac4d30cd3ab4fdae634125b9152

Domains

Name | IP | Malicious
(the Malicious column is empty for every row shown in this extract)
tag.clearbitscripts.com | 18.245.46.12
hiveteams.referralrock.com | 20.75.106.146
js.hs-analytics.net | 104.16.160.168
a73e323c18fd19b2a.awsglobalaccelerator.com | 15.197.190.183
stats.g.doubleclick.net | 74.125.133.154
d296je7bbdd650.cloudfront.net | 99.86.8.175
scontent.xx.fbcdn.net | 157.240.251.9
app.satismeter.com | 104.18.2.19
track.hubspot.com | 104.16.118.116
cdnjs.cloudflare.com | 104.17.25.14
global-v4.clearbit.com | 18.153.4.44
dualstack.crozdesk-conversion-web-67362884.eu-west-1.elb.amazonaws.com | 54.194.208.140
www.google.com | 142.250.186.68
api.segment.io | 44.240.52.117
nexus-websocket-a.intercom.io | 34.237.73.95
app.clearbit.com | 3.127.196.46
js.intercomcdn.com | 18.245.46.10
stackpath.bootstrapcdn.com | 104.18.10.207
js.hs-banner.com | 104.18.40.240
star-mini.c10r.facebook.com | 157.240.253.35
cdn.heapanalytics.com | 3.160.150.128
s.twitter.com | 104.244.42.3
widget.intercom.io | 13.224.189.49
js.hsadspixel.net | 104.17.128.172
edge.fullstory.com | 35.201.112.186
api-iam.intercom.io | 23.22.83.75
ax-0001.ax-msedge.net | 150.171.28.10
heapanalytics.com | 67.202.7.244
bg.microsoft.map.fastly.net | 199.232.210.172
rs.fullstory.com | 35.186.194.58
js-na1.hs-scripts.com | 104.16.141.209
googleads.g.doubleclick.net | 142.250.185.194
api.hubapi.com | 104.18.241.108
d1c596oky8ef8u.cloudfront.net | 3.161.82.81
td.doubleclick.net | 172.217.23.98
analytics.google.com | 142.250.185.206
api.appcues.net | 52.42.151.132
x.clearbitjs.com | unknown
cdn.segment.com | unknown
prod-gql.hive.com | unknown
notes.hive.com | unknown
ct.capterra.com | unknown
use.typekit.net | unknown
www.facebook.com | unknown
www.linkedin.com | unknown
trk.crozdesk.com | unknown
pro.fontawesome.com | unknown
connect.facebook.net | unknown
px.ads.linkedin.com | unknown
analytics.twitter.com | unknown
p.typekit.net | unknown
snap.licdn.com | unknown
fast.appcues.com | unknown
43 further domains are not shown in this extract.

IPs

IP | Domain | Country | Malicious
(the Malicious column is empty for every row shown in this extract)
142.250.186.68 | www.google.com | United States
3.161.82.76 | unknown | United States
52.42.151.132 | api.appcues.net | United States
15.197.190.183 | a73e323c18fd19b2a.awsglobalaccelerator.com | United States
3.160.150.128 | cdn.heapanalytics.com | United States
35.186.194.58 | rs.fullstory.com | United States
54.198.247.38 | unknown | United States
2.19.126.206 | unknown | European Union
104.16.118.116 | track.hubspot.com | United States
34.237.73.95 | nexus-websocket-a.intercom.io | United States
104.18.40.240 | js.hs-banner.com | United States
142.250.184.227 | unknown | United States
54.205.255.119 | unknown | United States
142.250.186.72 | unknown | United States
104.17.128.172 | js.hsadspixel.net | United States
142.250.184.196 | unknown | United States
67.202.7.244 | heapanalytics.com | United States
1.1.1.1 | unknown | Australia
23.22.83.75 | api-iam.intercom.io | United States
3.161.82.81 | d1c596oky8ef8u.cloudfront.net | United States
104.18.241.108 | api.hubapi.com | United States
13.224.189.49 | widget.intercom.io | United States
104.18.40.158 | unknown | United States
104.244.42.131 | unknown | United States
13.107.42.14 | unknown | United States
104.17.175.201 | unknown | United States
239.255.255.250 | unknown | Reserved
104.18.242.108 | unknown | United States
3.127.196.46 | app.clearbit.com | United States
142.250.185.194 | googleads.g.doubleclick.net | United States
104.16.141.209 | js-na1.hs-scripts.com | United States
99.86.8.175 | d296je7bbdd650.cloudfront.net | United States
157.240.253.35 | star-mini.c10r.facebook.com | United States
88.221.110.227 | unknown | European Union
172.217.16.194 | unknown | United States
151.101.2.110 | unknown | United States
104.17.25.14 | cdnjs.cloudflare.com | United States
142.250.185.206 | analytics.google.com | United States
104.18.10.207 | stackpath.bootstrapcdn.com | United States
74.125.133.154 | stats.g.doubleclick.net | United States
104.18.40.68 | unknown | United States
142.250.186.174 | unknown | United States
192.168.2.16 | unknown | unknown
216.58.206.35 | unknown | United States
44.240.52.117 | api.segment.io | United States
172.217.23.98 | td.doubleclick.net | United States
150.171.28.10 | ax-0001.ax-msedge.net | United States
172.64.147.16 | unknown | United States
104.16.160.168 | js.hs-analytics.net | United States
142.250.186.132 | unknown | United States
18.239.69.37 | unknown | United States
66.102.1.84 | unknown | United States
104.18.41.41 | unknown | United States
2.19.126.219 | unknown | European Union
104.244.42.3 | s.twitter.com | United States
18.153.4.44 | global-v4.clearbit.com | United States
157.240.251.9 | scontent.xx.fbcdn.net | United States
13.224.189.74 | unknown | United States
150.171.27.10 | unknown | United States
35.201.112.186 | edge.fullstory.com | United States
20.75.106.146 | hiveteams.referralrock.com | United States
54.194.208.140 | dualstack.crozdesk-conversion-web-67362884.eu-west-1.elb.amazonaws.com | United States
142.250.185.130 | unknown | United States
157.240.253.1 | unknown | United States
104.18.2.19 | app.satismeter.com | United States
142.250.186.168 | unknown | United States
104.17.223.152 | unknown | United States
18.245.46.10 | js.intercomcdn.com | United States
157.240.251.35 | unknown | United States
18.245.46.12 | tag.clearbitscripts.com | United States
44.225.152.202 | unknown | United States
61 further IPs are not shown in this extract.
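The IP table above mixes contacts made by the analysed page with noise from the analysis environment: 239.255.255.250 is the SSDP multicast group, 192.168.2.16 is RFC 1918 private space, and 1.1.1.1 is a public recursive resolver. None of those belong in a blocklist or detection rule built from this report. The helper below is an added example, not part of the sandbox report or of Hive's software: it regroups the one-cell-per-line Domains and IPs sections into rows and sets aside addresses the standard-library `ipaddress` module classifies as multicast, private, loopback, link-local or reserved, plus a short resolver list that is an assumption of the example. The embedded input is a constructed excerpt of the tables above in the same layout.

```python
"""Triage helper for the flattened Domains/IPs tables of a sandbox IOC report.

Added example (not part of the report): rebuilds rows from the
one-field-per-line layout, then sets aside addresses that should not go
into a blocklist or detection rule: RFC 1918 / loopback / link-local space,
multicast (239.255.255.250 is the SSDP discovery group), reserved ranges,
and well-known public recursive resolvers such as 1.1.1.1.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the same flattened layout as the report's tables.
SAMPLE_REPORT = """\
Domains

Name
IP
Malicious
tag.clearbitscripts.com
18.245.46.12
prod-gql.hive.com
unknown

IPs

IP
Domain
Country
Malicious
142.250.186.68
www.google.com
United States
1.1.1.1
unknown
Australia
239.255.255.250
unknown
Reserved
192.168.2.16
unknown
unknown
"""

# Section title -> (header cells to skip, populated cells per row).
# The 'Malicious' column carries no text in the extract, so every row is
# one cell shorter than its header.
SECTIONS = {
    "Domains": (("Name", "IP", "Malicious"), 2),
    "IPs": (("IP", "Domain", "Country", "Malicious"), 3),
}

# Assumption of this example: public resolvers are infrastructure, not IOCs.
PUBLIC_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}


@dataclass(frozen=True)
class Indicator:
    value: str               # the domain or IP exactly as printed in the report
    kind: str                # "domain" or "ip"
    resolved: Optional[str]  # the other half of the pair, None when 'unknown'
    verdict: str             # "actionable" or the reason it was set aside


def parse_report(text: str) -> dict[str, list[tuple[str, ...]]]:
    """Regroup each one-cell-per-line section into rows of fixed width."""
    lines = [line.strip() for line in text.splitlines()]
    rows: dict[str, list[tuple[str, ...]]] = {}
    i = 0
    while i < len(lines):
        title = lines[i]
        i += 1
        if title not in SECTIONS:
            continue
        headers, width = SECTIONS[title]
        # Skip the blank line(s) and header cells that follow the section title.
        while i < len(lines) and (lines[i] == "" or lines[i] in headers):
            i += 1
        cells: list[str] = []
        while i < len(lines) and lines[i] != "":  # a blank line ends the section
            cells.append(lines[i])
            i += 1
        if len(cells) % width:
            raise ValueError(f"{title}: {len(cells)} cells, expected a multiple of {width}")
        rows[title] = [tuple(cells[j:j + width]) for j in range(0, len(cells), width)]
    return rows


def classify_ip(ip: str) -> str:
    """Return 'actionable', or the reason an address is environment/infra noise."""
    if ip == "unknown":
        return "unresolved"
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:                       # e.g. 239.255.255.250 (SSDP)
        return "multicast"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "private"                        # e.g. 192.168.2.16
    if addr.is_reserved or addr.is_unspecified:
        return "reserved"
    if ip in PUBLIC_RESOLVERS:                  # e.g. 1.1.1.1
        return "public-resolver"
    return "actionable"


def triage(text: str) -> list[Indicator]:
    """Turn both tables into indicators, keeping the domain/IP pairing."""
    rows = parse_report(text)
    found: list[Indicator] = []
    for name, ip in rows.get("Domains", []):
        found.append(Indicator(name, "domain", None if ip == "unknown" else ip, "actionable"))
    for ip, domain, _country in rows.get("IPs", []):
        found.append(Indicator(ip, "ip", None if domain == "unknown" else domain, classify_ip(ip)))
    return found


def actionable(text: str) -> list[str]:
    """Sorted, de-duplicated indicators that survive the noise filter."""
    return sorted({ind.value for ind in triage(text) if ind.verdict == "actionable"})


if __name__ == "__main__":
    for ind in triage(SAMPLE_REPORT):
        print(f"{ind.kind:6} {ind.value:32} {ind.verdict}")
```

Run against the full report text rather than the excerpt, the same parser works unchanged because it keys on the section titles and header cells; the "n further ... not shown" line would have to be dropped first, since it is not a multiple of the row width and the parser refuses it rather than silently misaligning columns.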