IOC Report
https://url.us.m.mimecastprotect.com/s/i78SCER7VQSp6YXNRsNfJF7h3vl?domain=customervoice.microsoft.com


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 100 | ASCII text, with very long lines (23927) | dropped | |
| Chrome Cache Entry: 101 | ASCII text, with very long lines (63105) | downloaded | |
| Chrome Cache Entry: 102 | JSON data | dropped | |
| Chrome Cache Entry: 103 | Unicode text, UTF-8 text, with very long lines (65506), with no line terminators | dropped | |
| Chrome Cache Entry: 104 | JSON data | downloaded | |
| Chrome Cache Entry: 105 | ASCII text, with very long lines (63105) | dropped | |
| Chrome Cache Entry: 106 | ASCII text, with very long lines (47459) | dropped | |
| Chrome Cache Entry: 107 | Unicode text, UTF-8 text, with very long lines (19569), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 108 | ASCII text, with very long lines (14187) | downloaded | |
| Chrome Cache Entry: 109 | ASCII text, with very long lines (13674) | downloaded | |
| Chrome Cache Entry: 110 | ASCII text, with very long lines (13674) | dropped | |
| Chrome Cache Entry: 72 | Unicode text, UTF-8 text, with very long lines (64954), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 73 | ASCII text, with very long lines (47421), with CRLF line terminators | dropped | |
| Chrome Cache Entry: 74 | JSON data | dropped | |
| Chrome Cache Entry: 75 | ASCII text, with very long lines (2531) | downloaded | |
| Chrome Cache Entry: 76 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 77 | MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 78 | Unicode text, UTF-8 text, with very long lines (19569), with CRLF line terminators | dropped | |
| Chrome Cache Entry: 79 | PNG image data, 64 x 75, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 80 | Unicode text, UTF-8 text, with very long lines (60976) | dropped | |
| Chrome Cache Entry: 81 | JSON data | dropped | |
| Chrome Cache Entry: 82 | ASCII text, with very long lines (23927) | downloaded | |
| Chrome Cache Entry: 83 | Unicode text, UTF-8 text, with very long lines (38416) | downloaded | |
| Chrome Cache Entry: 84 | JSON data | downloaded | |
| Chrome Cache Entry: 85 | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| Chrome Cache Entry: 86 | Unicode text, UTF-8 text, with very long lines (60976) | downloaded | |
| Chrome Cache Entry: 87 | PNG image data, 64 x 75, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 88 | MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 89 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 90 | ASCII text, with very long lines (34044) | dropped | |
| Chrome Cache Entry: 91 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 92 | ASCII text, with very long lines (47459) | downloaded | |
| Chrome Cache Entry: 93 | Unicode text, UTF-8 text, with very long lines (65506), with no line terminators | downloaded | |
| Chrome Cache Entry: 94 | Unicode text, UTF-8 text, with very long lines (38416) | dropped | |
| Chrome Cache Entry: 95 | ASCII text, with very long lines (47421), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 96 | ASCII text, with very long lines (34044) | downloaded | |
| Chrome Cache Entry: 97 | ASCII text, with very long lines (14187) | dropped | |
| Chrome Cache Entry: 98 | JSON data | downloaded | |
| Chrome Cache Entry: 99 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1680,i,1621270502088142606,16961411227324488806,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/i78SCER7VQSp6YXNRsNfJF7h3vl?domain=customervoice.microsoft.com" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://url.us.m.mimecastprotect.com/s/i78SCER7VQSp6YXNRsNfJF7h3vl?domain=customervoice.microsoft.com | | malicious |
| https://capitaltrustllc9843.globalstransloading.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8d0a0af12b9d43b9 | 104.21.53.126 | malicious |
| https://capitaltrustllc9843.globalstransloading.com/ | | malicious |
| https://capitaltrustllc9843.globalstransloading.com/favicon.ico | 104.21.53.126 | malicious |
| https://capitaltrustllc9843.globalstransloading.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1015125258:1728598503:OrtlK7RUXecua_G912N6XGH3TMy6Bwgc455hUIfNmnY/8d0a0af12b9d43b9/346298d3e366648 | 104.21.53.126 | malicious |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d0a0b08b84218f2/1728599306268/c75784628256fb00e9036d472361f9263425c46117a98376a3b5aa2d50b452f9/ICVIk_Usis5N1zl | 104.18.95.41 | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| https://getbootstrap.com/docs/3.4/customize/) | unknown | |
| http://jquery.org/license | unknown | |
| https://a.nel.cloudflare.com/report/v4?s=mq4uLlLM%2FqHyJkShmzcWp1j8G8rnou8i90ZHra5E6HTglgXsGKGp8SLFkIuYIfIE8jGmZluz%2Fs%2FqZg%2BjW3rNBlqBPYEz4LccnIs35WiJrEjrIGhjvAXa5QvP1AjsV0QcZt5B6nZ3%2FJMPfG4DeezmHu4TQU4Y%2FWuLSMcB4LXA | 35.190.80.1 | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.7ef | unknown | |
| https://reactjs.org/docs/error-decoder.html?invariant= | unknown | |
| http://api.jqueryui.com/category/ui-core/ | unknown | |
| http://jqueryui.com | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.3275fe | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.aa37695.j | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.0b | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1619491210:1728594602:UVuzWaMbyM5Qbs3hY-eXbv-5vkwKfWR4FIiV4FLj664/8d0a0b08b84218f2/21524bc471357e8 | 104.18.95.41 | |
| https://getbootstrap.com/) | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lchv3/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ | 104.18.95.41 | |
| https://jquery.org/license | unknown | |
| https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.4c32c58.js.m | unknown | |
| https://jquery.com/ | unknown | |
| https://github.com/SoapBox/linkifyjs | unknown | |
| https://capitaltrustllc9843.globalstransloading.com | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D | 104.18.95.41 | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.ir.cf39917.js.map | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.616.93becff.js.ma | unknown | |
| https://forms.office.com. | unknown | |
| https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | |
| https://fb.me/react-polyfills | unknown | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.2677914.js.map/56c7 | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d0a0b08b84218f2/1728599306267/J_g9axJ2jaHEGVZ | 104.18.95.41 | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.55b | unknown | |
| https://underscorejs.org | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d0a0b08b84218f2&lang=auto | 104.18.95.41 | |
| https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.8fd4115.js.ma | unknown | |
| https://sizzlejs.com/ | unknown | |
| https://a.nel.cloudflare.com/report/v4?s=SnlmIwj4dVa%2BLGgMKWMyTiu%2BnmTAV1W9F787EbIiwxitRuk8VdCJkbTmKENrfqlZXQ6gDENzLYIIV%2FAtquo1IkFFtbVijLWJu4397PdlgLZfl7ZBTfjR9IwwZv7gk0n65l48t5QsycAA3w%2FUljUOmXRgqrxB%2FgLboNtE2pTz | 35.190.80.1 | |
| https://js.foundation/ | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| capitaltrustllc9843.globalstransloading.com | 104.21.53.126 | malicious |
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| url.us.m.mimecastprotect.com | 205.139.111.12 | |
| s-part-0023.t-0009.t-msedge.net | 13.107.246.51 | |
| challenges.cloudflare.com | 104.18.95.41 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| www.google.com | 172.217.18.100 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| cdn.forms.office.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.21.53.126 | capitaltrustllc9843.globalstransloading.com | United States | malicious |
| 13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | |
| 192.168.2.9 | unknown | unknown | |
| 104.18.95.41 | challenges.cloudflare.com | United States | |
| 192.168.2.4 | unknown | unknown | |
| 192.168.2.6 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.185.164 | unknown | United States | |
| 205.139.111.12 | url.us.m.mimecastprotect.com | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 172.217.18.100 | www.google.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=rCxHFZLdZUGNvhn9cgWChLhuCDtpfZJDs2F6orjCzx1UQzg1NU9XMkQwS0xHVlBLV0ZUTjNJQUgyUy4u | malicious |
| https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=rCxHFZLdZUGNvhn9cgWChLhuCDtpfZJDs2F6orjCzx1UQzg1NU9XMkQwS0xHVlBLV0ZUTjNJQUgyUy4u | malicious |
| https://capitaltrustllc9843.globalstransloading.com/ | malicious |
| https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=rCxHFZLdZUGNvhn9cgWChLhuCDtpfZJDs2F6orjCzx1UQzg1NU9XMkQwS0xHVlBLV0ZUTjNJQUgyUy4u | |
| https://capitaltrustllc9843.globalstransloading.com/ | |
| https://capitaltrustllc9843.globalstransloading.com/ | |
| https://capitaltrustllc9843.globalstransloading.com/ | |