IOC Report
https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 38
ASCII text
downloaded
Chrome Cache Entry: 39
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2216,i,14187799758207872673,14442970336596630755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details"

URLs

Name
IP
Malicious
https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details
https://ithelpdesk.automationanywhere.com/Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails
204.141.42.199
https://accounts.zoho.com/samlauthrequest/630778920?serviceurl=https%3A%2F%2Fithelpdesk.automationanywhere.com%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails&servicename=SDPOnDemand&portal_id=630778920&hide_signup=false
204.141.42.100
https://automationanywhere.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d
13.248.165.67
https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details
204.141.42.199
https://automationanywhere.okta.com/favicon.ico
13.248.165.67

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
csdp.manageuser.com
204.141.42.199
dpxbp5vi8wz3w.cloudfront.net
52.222.214.58
www.google.com
142.251.116.105
ae52e19d4a7095f43.awsglobalaccelerator.com
13.248.165.67
accounts.zoho.com
204.141.42.100
fp2e7a.wpc.phicdn.net
192.229.221.95
ithelpdesk.automationanywhere.com
unknown
ok6static.oktacdn.com
unknown
automationanywhere.okta.com
unknown

IPs

IP
Domain
Country
Malicious
142.251.116.105
www.google.com
United States
192.168.2.4
unknown
unknown
192.168.2.6
unknown
unknown
239.255.255.250
unknown
Reserved
76.223.42.213
unknown
United States
204.141.42.199
csdp.manageuser.com
United States
204.141.42.100
accounts.zoho.com
United States
13.248.165.67
ae52e19d4a7095f43.awsglobalaccelerator.com
United States
52.222.214.58
dpxbp5vi8wz3w.cloudfront.net
United States

DOM / HTML

URL
Malicious
https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3D