IOC Report
https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-


Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 21:51:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 157
PNG image data, 233 x 50, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 158
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
downloaded
Chrome Cache Entry: 159
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 160
gzip compressed data, from Unix, original size modulo 2^32 7324
downloaded
Chrome Cache Entry: 162
Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
downloaded
Chrome Cache Entry: 164
Unicode text, UTF-8 text, with very long lines (49026), with LF, NEL line terminators
downloaded
Chrome Cache Entry: 166
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0
downloaded
Chrome Cache Entry: 167
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 168
HTML document, ASCII text
downloaded
Chrome Cache Entry: 170
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 173
PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 174
gzip compressed data, from Unix, original size modulo 2^32 223282
downloaded
Chrome Cache Entry: 175
ASCII text, with very long lines (1434), with no line terminators
dropped
Chrome Cache Entry: 176
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3
downloaded
Chrome Cache Entry: 177
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 178
Web Open Font Format (Version 2), CFF, length 42632, version 2.0
downloaded
Chrome Cache Entry: 181
gzip compressed data, from Unix, original size modulo 2^32 141825
downloaded
Chrome Cache Entry: 182
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 183
HTML document, ASCII text, with very long lines (617)
downloaded
Chrome Cache Entry: 184
gzip compressed data, from Unix, original size modulo 2^32 1819571
downloaded
Chrome Cache Entry: 185
PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 187
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 189
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 190
gzip compressed data, from Unix, original size modulo 2^32 209447
downloaded
Chrome Cache Entry: 196
HTML document, ASCII text, with very long lines (65080)
downloaded
Chrome Cache Entry: 197
gzip compressed data, max compression, original size modulo 2^32 3242
downloaded
Chrome Cache Entry: 198
Web Open Font Format (Version 2), TrueType, length 105804, version 1.0
downloaded
Chrome Cache Entry: 199
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
downloaded
Chrome Cache Entry: 201
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
downloaded
Chrome Cache Entry: 202
Web Open Font Format (Version 2), TrueType, length 98868, version 1.0
downloaded
Chrome Cache Entry: 203
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
downloaded
Chrome Cache Entry: 204
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 207
ASCII text, with very long lines (18026)
dropped
Chrome Cache Entry: 208
MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
dropped
Chrome Cache Entry: 209
gzip compressed data, from Unix, original size modulo 2^32 556
downloaded
32 additional files are not shown in this report.

URLs

Name
IP
Malicious
https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395
malicious
https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au
malicious
https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1
malicious
http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
http://aa.ns.agingbydesignministry.org/?_js=asd
3.211.174.227
http://aa.ns.agingbydesignministry.org/?_css_main=ok
3.211.174.227
http://aa.ns.agingbydesignministry.org/favicon.ico
3.211.174.227
http://aa.ns.agingbydesignministry.org/?_red=1
3.211.174.227
http://aa.ns.agingbydesignministry.org/?_jd=botd
3.211.174.227
http://aa.ns.agingbydesignministry.org/?_js_main=12
3.211.174.227

Domains

Name
IP
Malicious
0nline.babjeetrading.com
172.236.233.44
malicious
680c737c-daa070be.babjeetrading.com
172.236.233.44
malicious
6afe6eac-daa070be.babjeetrading.com
172.236.233.44
7a77ef93-daa070be.babjeetrading.com
172.236.233.44
nym1-ib.adnxs.com
68.67.179.164
login-okta.babjeetrading.com
172.236.233.44
www.google.com
142.250.185.164
baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com
52.210.33.116
server-38541367.us-east-1.elb.amazonaws.com
3.211.174.227
a609b987-daa070be.babjeetrading.com
172.236.233.44
aa.ns.agingbydesignministry.org
unknown
60ms64xz.r.eu-west-1.awstrack.me
unknown
2 additional domains are not shown in this report.

IPs

IP
Domain
Country
Malicious
172.236.233.44
0nline.babjeetrading.com
United States
malicious
142.250.184.195
unknown
United States
142.250.185.67
unknown
United States
34.104.35.123
unknown
United States
1.1.1.1
unknown
Australia
142.250.186.36
unknown
United States
216.58.212.131
unknown
United States
216.58.212.132
unknown
United States
142.250.186.163
unknown
United States
142.250.186.174
unknown
United States
52.210.33.116
baconredirects-elb-1vu8uzbbqecyf-1056340931.eu-west-1.elb.amazonaws.com
United States
192.168.2.16
unknown
unknown
3.211.174.227
server-38541367.us-east-1.elb.amazonaws.com
United States
64.233.166.84
unknown
United States
142.250.185.170
unknown
United States
239.255.255.250
unknown
Reserved
142.250.185.174
unknown
United States
172.217.23.99
unknown
United States
142.250.185.164
www.google.com
United States
142.250.185.131
unknown
United States
68.67.179.164
nym1-ib.adnxs.com
United States
172.217.16.195
unknown
United States
142.250.184.202
unknown
United States
216.58.212.170
unknown
United States
14 additional IPs are not shown in this report.