IOC Report
https://survey.hsforms.com/1xwoBt8ujTyqT_K_vtoo4BAe6n8d

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 121 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 122 | Unicode text, UTF-8 text, with very long lines (65327) | downloaded | |
| Chrome Cache Entry: 123 | PNG image data, 1810 x 951, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 124 | ASCII text, with very long lines (4021) | downloaded | |
| Chrome Cache Entry: 125 | JSON data | downloaded | |
| Chrome Cache Entry: 126 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 127 | PNG image data, 1810 x 951, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 128 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 129 | HTML document, ASCII text, with very long lines (1073) | downloaded | |
| Chrome Cache Entry: 130 | ASCII text, with very long lines (542) | downloaded | |
| Chrome Cache Entry: 131 | ASCII text, with very long lines (64696) | dropped | |
| Chrome Cache Entry: 132 | ASCII text, with very long lines (6005) | downloaded | |
| Chrome Cache Entry: 133 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 134 | ASCII text, with very long lines (6187) | dropped | |
| Chrome Cache Entry: 135 | ASCII text, with very long lines (64696) | downloaded | |
| Chrome Cache Entry: 136 | JSON data | dropped | |
| Chrome Cache Entry: 137 | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| Chrome Cache Entry: 138 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 139 | ASCII text, with very long lines (6187) | downloaded | |
| Chrome Cache Entry: 140 | ASCII text, with very long lines (4021) | dropped | |
| Chrome Cache Entry: 141 | HTML document, ASCII text, with very long lines (1073) | dropped | |
| Chrome Cache Entry: 142 | ASCII text, with very long lines (62225) | dropped | |
| Chrome Cache Entry: 143 | ASCII text, with very long lines (2887), with no line terminators | dropped | |
| Chrome Cache Entry: 144 | Unicode text, UTF-8 text, with very long lines (65327) | dropped | |
| Chrome Cache Entry: 145 | ASCII text, with very long lines (62225) | downloaded | |
| Chrome Cache Entry: 146 | HTML document, ASCII text, with very long lines (1073) | downloaded | |
| Chrome Cache Entry: 147 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 148 | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| Chrome Cache Entry: 149 | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2196,i,15370962937125068013,16043483835108346734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://survey.hsforms.com/1xwoBt8ujTyqT_K_vtoo4BAe6n8d" | |

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

DOM / HTML

URL
Malicious
https://survey.hsforms.com/1xwoBt8ujTyqT_K_vtoo4BAe6n8d