IOC Report
http://amwaykorea-durableservice.com/

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 64 | JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1536x1088, components 3 | dropped |
Chrome Cache Entry: 65 | JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1536x1088, components 3 | downloaded |
Chrome Cache Entry: 66 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 96x96, components 3 | downloaded |
Chrome Cache Entry: 67 | Web Open Font Format (Version 2), TrueType, length 48444, version 1.0 | downloaded |
Chrome Cache Entry: 68 | Unicode text, UTF-8 text, with very long lines (42040) | downloaded |
Chrome Cache Entry: 69 | ASCII text, with very long lines (6834), with no line terminators | downloaded |
Chrome Cache Entry: 70 | Unicode text, UTF-8 text, with very long lines (40103) | dropped |
Chrome Cache Entry: 71 | Web Open Font Format (Version 2), TrueType, length 25948, version 1.0 | downloaded |
Chrome Cache Entry: 72 | Unicode text, UTF-8 text, with very long lines (1366) | dropped |
Chrome Cache Entry: 73 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 74 | ASCII text, with very long lines (64733) | downloaded |
Chrome Cache Entry: 75 | Unicode text, UTF-8 text, with very long lines (42040) | dropped |
Chrome Cache Entry: 76 | Web Open Font Format (Version 2), TrueType, length 15968, version 1.0 | downloaded |
Chrome Cache Entry: 77 | ASCII text, with very long lines (64733) | dropped |
Chrome Cache Entry: 78 | ASCII text, with very long lines (65447) | downloaded |
Chrome Cache Entry: 79 | ASCII text, with very long lines (44085) | downloaded |
Chrome Cache Entry: 80 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 768x1062, components 3 | downloaded |
Chrome Cache Entry: 81 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3 | downloaded |
Chrome Cache Entry: 82 | Unicode text, UTF-8 text, with very long lines (40103) | downloaded |
Chrome Cache Entry: 83 | JSON data | dropped |
Chrome Cache Entry: 84 | Web Open Font Format (Version 2), TrueType, length 14504, version 1.0 | downloaded |
Chrome Cache Entry: 85 | JSON data | downloaded |
Chrome Cache Entry: 86 | Web Open Font Format (Version 2), TrueType, length 16072, version 1.0 | downloaded |
Chrome Cache Entry: 87 | Web Open Font Format (Version 2), TrueType, length 16312, version 1.0 | downloaded |
Chrome Cache Entry: 88 | Unicode text, UTF-8 text, with very long lines (1366) | downloaded |
Chrome Cache Entry: 89 | Web Open Font Format (Version 2), TrueType, length 14328, version 1.0 | downloaded |
Chrome Cache Entry: 90 | Web Open Font Format (Version 2), TrueType, length 16700, version 1.0 | downloaded |
Chrome Cache Entry: 91 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 768x1062, components 3 | dropped |
Chrome Cache Entry: 92 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 128x128, components 3 | dropped |
Chrome Cache Entry: 93 | ASCII text, with very long lines (6834), with no line terminators | dropped |
Chrome Cache Entry: 94 | ASCII text, with very long lines (1146) | downloaded |
Chrome Cache Entry: 95 | Web Open Font Format (Version 2), TrueType, length 16140, version 1.0 | downloaded |
Chrome Cache Entry: 96 | ASCII text, with very long lines (65447) | dropped |
Chrome Cache Entry: 97 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 96x96, components 3 | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2036,i,1705269705235590464,16401961063076579231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://amwaykorea-durableservice.com/" |

URLs


Domains


IPs


DOM / HTML

URL | Malicious
https://amwaykorea-durableservice.com/ |
https://amwaykorea-durableservice.com/ |