IOC Report
https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez@flylcpa.com


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 10:54:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 10:54:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 10:54:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 10:54:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 10:54:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
Chrome Cache Entry: 100 | ASCII text, with very long lines (65496) | downloaded
Chrome Cache Entry: 101 | ASCII text, with very long lines (422) | downloaded
Chrome Cache Entry: 102 | ASCII text, with very long lines (1757), with no line terminators | downloaded
Chrome Cache Entry: 103 | SVG Scalable Vector Graphics image | dropped
Chrome Cache Entry: 104 | ASCII text, with very long lines (9889) | downloaded
Chrome Cache Entry: 105 | ASCII text, with very long lines (23659), with no line terminators | downloaded
Chrome Cache Entry: 106 | ASCII text, with very long lines (40972) | downloaded
Chrome Cache Entry: 107 | ASCII text, with very long lines (1107), with no line terminators | downloaded
Chrome Cache Entry: 108 | ASCII text, with very long lines (10260), with no line terminators | downloaded
Chrome Cache Entry: 109 | ASCII text, with very long lines (65496) | dropped
Chrome Cache Entry: 110 | ASCII text, with very long lines (41281) | dropped
Chrome Cache Entry: 111 | PNG image data, 1263 x 675, 8-bit/color RGBA, non-interlaced | dropped
Chrome Cache Entry: 112 | ASCII text, with very long lines (13479) | dropped
Chrome Cache Entry: 113 | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 32x32, components 3 | downloaded
Chrome Cache Entry: 114 | ASCII text, with very long lines (422) | dropped
Chrome Cache Entry: 115 | ASCII text, with very long lines (4957) | downloaded
Chrome Cache Entry: 116 | Unicode text, UTF-8 text, with very long lines (8189) | dropped
Chrome Cache Entry: 117 | ASCII text, with very long lines (13479) | downloaded
Chrome Cache Entry: 118 | ASCII text, with very long lines (3828) | downloaded
Chrome Cache Entry: 119 | HTML document, ASCII text, with very long lines (58133) | downloaded
Chrome Cache Entry: 120 | ASCII text, with very long lines (4957) | dropped
Chrome Cache Entry: 121 | ASCII text, with very long lines (65447) | downloaded
Chrome Cache Entry: 122 | ASCII text, with very long lines (560) | downloaded
Chrome Cache Entry: 123 | ASCII text, with very long lines (13221) | downloaded
Chrome Cache Entry: 124 | ASCII text, with very long lines (43864), with no line terminators | dropped
Chrome Cache Entry: 125 | JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 32x32, components 3 | dropped
Chrome Cache Entry: 126 | ASCII text, with very long lines (15752) | dropped
Chrome Cache Entry: 127 | ASCII text, with very long lines (4272) | downloaded
Chrome Cache Entry: 128 | ASCII text, with very long lines (4610) | dropped
Chrome Cache Entry: 129 | ASCII text, with very long lines (4932), with no line terminators | downloaded
Chrome Cache Entry: 130 | ASCII text, with very long lines (1840), with no line terminators | downloaded
Chrome Cache Entry: 131 | ASCII text, with very long lines (43864), with no line terminators | downloaded
Chrome Cache Entry: 132 | Unicode text, UTF-8 text, with very long lines (2322) | downloaded
Chrome Cache Entry: 133 | ASCII text, with very long lines (60665) | downloaded
Chrome Cache Entry: 134 | ASCII text | downloaded
Chrome Cache Entry: 135 | ASCII text, with very long lines (47510), with no line terminators | downloaded
Chrome Cache Entry: 136 | ASCII text | downloaded
Chrome Cache Entry: 137 | data | downloaded
Chrome Cache Entry: 138 | Unicode text, UTF-8 text, with very long lines (8189) | downloaded
Chrome Cache Entry: 139 | ASCII text, with very long lines (15752) | downloaded
Chrome Cache Entry: 140 | Web Open Font Format (Version 2), TrueType, length 18588, version 1.0 | downloaded
Chrome Cache Entry: 141 | ASCII text, with very long lines (4272) | dropped
Chrome Cache Entry: 142 | ASCII text, with very long lines (41281) | downloaded
Chrome Cache Entry: 143 | ASCII text, with very long lines (4610) | downloaded
Chrome Cache Entry: 144 | ASCII text, with very long lines (3828) | downloaded
Chrome Cache Entry: 145 | Unicode text, UTF-8 text, with very long lines (2322) | dropped
Chrome Cache Entry: 146 | ASCII text, with very long lines (23659), with no line terminators | dropped
Chrome Cache Entry: 147 | PNG image data, 1263 x 675, 8-bit/color RGBA, non-interlaced | downloaded
Chrome Cache Entry: 90 | ASCII text, with no line terminators | downloaded
Chrome Cache Entry: 91 | ASCII text, with very long lines (16214) | downloaded
Chrome Cache Entry: 92 | ASCII text, with very long lines (1840), with no line terminators | dropped
Chrome Cache Entry: 93 | data | dropped
Chrome Cache Entry: 94 | ASCII text, with very long lines (10597), with no line terminators | downloaded
Chrome Cache Entry: 95 | ASCII text, with very long lines (10597), with no line terminators | dropped
Chrome Cache Entry: 96 | SVG Scalable Vector Graphics image | downloaded
Chrome Cache Entry: 97 | ASCII text, with very long lines (32920), with no line terminators | downloaded
Chrome Cache Entry: 98 | Web Open Font Format (Version 2), TrueType, length 16896, version 1.0 | downloaded
Chrome Cache Entry: 99 | ASCII text, with very long lines (65447) | dropped
55 additional files are hidden in this listing.

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,8994723210401793155,8171486414409997631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez@flylcpa.com"

URLs

Name | IP | Malicious
https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez@flylcpa.com |  | malicious
https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez@flylcpa.com | 23.185.0.4 | malicious
https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez%40flylcpa.com |  | malicious
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.12.2 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/frontend.min.js?ve | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/theme-ie11.min.css?ver=2.5.12.2 | 23.185.0.4
https://jqueryui.com | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/Screenshot-2024-10-10-at-17-15 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-icon-list. | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/cropped-gf-270x270.jpg | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.12.2 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/cropped-gf-180x180.jpg | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdev-faa-gov-se | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/conditionals/e-sw | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=6.0.7 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/dist/a11y.min.js?ver=d90eebea464f6c09bfd5 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/theme.min.css?ver=2.5.12.2 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffe | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/global.css?ver=1728577470 | 23.185.0.4
https://swiperjs.com | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/post-8.css?ver=172857747 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/essential-addons-elementor/eael-8.css?ver=1728577011 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/Screenshot-2024-10-10-at-17-15-31-Federal-Aviation-Administration.png | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=6.0.7 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/post-7.css?ver=1728576622 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-image.min. | unknown
https://dev-faa-gov-secure.pantheonsite.io/ | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/cropped-gf-192x192.jpg | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swi | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/theme.min.css?ver=2.5 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/webpack.runtime.mi | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/essential-addons-for-elementor-lite/as | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.8.3 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/frontend-modules.m | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/post-7.css?ver=172857662 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/theme-ie11.min.css?ve | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.24.6 | 23.185.0.4
https://api.jqueryui.com/position/ | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.24.6 | 23.185.0.4
https://api.w.org/ | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/gravityforms.min.js?ve | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-json/wp/v2/pages/8 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/post-8.css?ver=1728577470 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/comments/feed/ | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/elementor/css/global.css?ver=172857747 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/basic.min.css?ver=2.5 | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/essential-addons-elementor/eael-8.js?ver=1728577011 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/xmlrpc.php?rsd | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.8.3 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-heading.mi | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/cropped-gf-32x32.jpg | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/themes/astra/assets/js/minified/flexibility.mi | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/2024/10/gf.svg | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-json/ | unknown
https://jquery.org/license | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/frontend.min.css? | unknown
https://getbootstrap.com) | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.12.2 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/feed/ | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/themes/astra/assets/js/minified/frontend.min.j | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.24.6 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/js/placeholders.jquery.mi | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/themes/astra/assets/css/minified/main.min.css? | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/essential-addons-elementor/eael-8.css? | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/uploads/essential-addons-elementor/eael-8.js?v | unknown
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5 | 23.185.0.4
https://dev-faa-gov-secure.pantheonsite.io/wp-content/plugins/gravityforms/css/basic.min.css?ver=2.5.12.2 | 23.185.0.4
69 additional URLs are hidden in this listing.

Domains

Name | IP | Malicious
dev-faa-gov-secure.pantheonsite.io | unknown | malicious
fe4.edge.pantheon.io | 23.185.0.4
www.google.com | 142.250.185.228

IPs

IP | Domain | Country | Malicious
142.250.185.228 | www.google.com | United States
192.168.2.16 | unknown | unknown
239.255.255.250 | unknown | Reserved
23.185.0.4 | fe4.edge.pantheon.io | United States
142.250.186.164 | unknown | United States

DOM / HTML

URL | Malicious
https://dev-faa-gov-secure.pantheonsite.io/?email=jarodriguez%40flylcpa.com | malicious