IOC Report
phish_alert_sp2_2.0.0.0.eml


Files

File Path | Type | Category | Malicious
phish_alert_sp2_2.0.0.0.eml | RFC 822 mail, ASCII text, with very long lines (1985), with CRLF line terminators | initial sample |
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 101 | HTML document, ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 103 | ASCII text, with very long lines (5796) | downloaded |
Chrome Cache Entry: 104 | JSON data | downloaded |
Chrome Cache Entry: 106 | HTML document, ASCII text, with very long lines (754), with no line terminators | downloaded |
Chrome Cache Entry: 107 | ASCII text, with very long lines (4201) | downloaded |
Chrome Cache Entry: 108 | JSON data | downloaded |
Chrome Cache Entry: 109 | HTML document, ASCII text, with very long lines (1093) | downloaded |
Chrome Cache Entry: 111 | JSON data | dropped |
Chrome Cache Entry: 112 | Web Open Font Format (Version 2), TrueType, length 47828, version 1.0 | downloaded |
Chrome Cache Entry: 116 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 119 | ASCII text, with very long lines (1490) | downloaded |
Chrome Cache Entry: 123 | HTML document, ASCII text, with very long lines (2592), with no line terminators | dropped |
Chrome Cache Entry: 125 | JSON data | dropped |
Chrome Cache Entry: 127 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 128 | ASCII text, with very long lines (31995) | downloaded |
Chrome Cache Entry: 129 | JSON data | downloaded |
Chrome Cache Entry: 130 | ASCII text | dropped |
Chrome Cache Entry: 131 | gzip compressed data, original size modulo 2^32 57055 | downloaded |
Chrome Cache Entry: 133 | GIF image data, version 89a, 1 x 1 | dropped |
Chrome Cache Entry: 138 | ASCII text, with very long lines (1571) | downloaded |
Chrome Cache Entry: 140 | ASCII text, with very long lines (22462) | downloaded |
Chrome Cache Entry: 142 | ASCII text, with very long lines (42611) | dropped |
Chrome Cache Entry: 143 | ASCII text, with very long lines (11231) | downloaded |
Chrome Cache Entry: 145 | PNG image data, 192 x 192, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 146 | ASCII text, with very long lines (8686) | downloaded |
Chrome Cache Entry: 147 | ASCII text, with very long lines (42611) | downloaded |
Chrome Cache Entry: 149 | JSON data | dropped |
Chrome Cache Entry: 151 | ASCII text, with very long lines (9198) | downloaded |
Chrome Cache Entry: 152 | gzip compressed data, was "tmpn38be2p_", last modified: Wed Oct 9 15:23:15 2024, max compression, original size modulo 2^32 291442 | dropped |
Chrome Cache Entry: 153 | Unicode text, UTF-8 text, with very long lines (65461) | downloaded |
Chrome Cache Entry: 154 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 155 | ASCII text, with very long lines (902), with no line terminators | dropped |
Chrome Cache Entry: 158 | gzip compressed data, max compression, from Unix, original size modulo 2^32 71723 | dropped |
Chrome Cache Entry: 159 | Unicode text, UTF-8 text, with very long lines (18223) | downloaded |
Chrome Cache Entry: 160 | Unicode text, UTF-8 text, with very long lines (50522), with no line terminators | dropped |
Chrome Cache Entry: 161 | ASCII text, with very long lines (4201) | dropped |
Chrome Cache Entry: 164 | JSON data | downloaded |
Chrome Cache Entry: 165 | ASCII text, with very long lines (63670) | dropped |
Chrome Cache Entry: 166 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 167 | JSON data | downloaded |
Chrome Cache Entry: 168 | JSON data | downloaded |
Chrome Cache Entry: 169 | Web Open Font Format (Version 2), TrueType, length 48348, version 1.0 | downloaded |
Chrome Cache Entry: 170 | JSON data | dropped |
Chrome Cache Entry: 172 | ASCII text, with very long lines (64749) | dropped |
Chrome Cache Entry: 173 | gzip compressed data, from Unix, original size modulo 2^32 3516 | dropped |
Chrome Cache Entry: 174 | ASCII text | downloaded |
Chrome Cache Entry: 175 | Web Open Font Format (Version 2), TrueType, length 43516, version 1.0 | downloaded |
Chrome Cache Entry: 176 | ASCII text, with very long lines (3457) | dropped |
Chrome Cache Entry: 177 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 178 | JSON data | dropped |
(49 further files are not shown in this extract.)

URLs

Name | IP | Malicious
https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true | |

Domains


IPs
