IOC Report
http://begantotireo.xyz


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 13:32:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 69 | ASCII text | downloaded | |
| Chrome Cache Entry: 70 | ASCII text, with very long lines (1932) | downloaded | |
| Chrome Cache Entry: 71 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 72 | JSON data | downloaded | |
| Chrome Cache Entry: 73 | PNG image data, 1500 x 600, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 74 | gzip compressed data, max speed, from Unix, original size modulo 2^32 15888 | downloaded | |
| Chrome Cache Entry: 75 | ASCII text, with very long lines (386), with no line terminators | dropped | |
| Chrome Cache Entry: 76 | ASCII text | dropped | |
| Chrome Cache Entry: 77 | gzip compressed data, max speed, from Unix, truncated | dropped | |
| Chrome Cache Entry: 78 | HTML document, ASCII text, with very long lines (14083) | downloaded | |
| Chrome Cache Entry: 79 | PNG image data, 1500 x 600, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 80 | ASCII text, with very long lines (386), with no line terminators | downloaded | |
| Chrome Cache Entry: 81 | gzip compressed data, max speed, from Unix, truncated | downloaded | |
| Chrome Cache Entry: 82 | gzip compressed data, max speed, from Unix, truncated | dropped | |
| Chrome Cache Entry: 83 | ASCII text, with very long lines (1932) | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with very long lines (1932) | dropped | |
| Chrome Cache Entry: 85 | ASCII text, with very long lines (1932) | dropped | |
| Chrome Cache Entry: 86 | gzip compressed data, max speed, from Unix, truncated | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1968,i,17141759005660411578,10118279808094888985,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://begantotireo.xyz" | malicious |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://begantotireo.xyz | | malicious |
| https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true | 142.250.181.68 | |
| http://ww38.begantotireo.xyz/ls.php?t=67448a9a&token=8046a9ef8675aca4e45d529a18f8a6dc08d1152f | 13.248.148.254 | |
| https://begantotireo.xyz/ | 103.224.212.217 | |
| http://begantotireo.xyz/ | 103.224.212.217 | |
| https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=5rtaqbsbo4vc&aqid=o4pEZ8bUDonymLAPgauhgQk&psid=7840396037&pbt=bs&adbx=375&adby=93&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=697661440&csala=6%7C0%7C2876%7C3286%7C477&lle=0&ifv=1&hpt=1 | 172.217.19.174 | |
| https://syndicatedsearch.goog | unknown | |
| https://syndicatedsearch.goog/adsense/domains/caf.js?pac=2 | 172.217.19.174 | |
| http://ww38.begantotireo.xyz/track.php?domain=begantotireo.xyz&toggle=browserjs&uid=MTczMjU0NTE3OC41Nzc6ZDM5NmFlM2YxMTYyZWY4NmY4NTQ2NzViYWQ3M2Y4YTg1MjQ4NGE1ZjM3ODljYjE2YWQyMzBhYmNkOWRhNmM4NTo2NzQ0OGE5YThjZTBh | 13.248.148.254 | |
| http://c.parkingcrew.net/scripts/sale_form.js | 185.53.178.30 | |
| http://ww38.begantotireo.xyz/track.php?domain=begantotireo.xyz&caf=1&toggle=answercheck&answer=yes&uid=MTczMjU0NTE3OC41Nzc6ZDM5NmFlM2YxMTYyZWY4NmY4NTQ2NzViYWQ3M2Y4YTg1MjQ4NGE1ZjM3ODljYjE2YWQyMzBhYmNkOWRhNmM4NTo2NzQ0OGE5YThjZTBh | 13.248.148.254 | |
| http://ww38.begantotireo.xyz/favicon.ico | 13.248.148.254 | |
| https://www.godaddy.com/domainsearch/find?checkAvail=1&domainToCheck=begantotireo.xyz | | |
| http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png | 108.158.71.217 | |
| http://ww38.begantotireo.xyz/ | | |
| https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=wdwh57h0arz8&aqid=o4pEZ8bUDonymLAPgauhgQk&psid=7840396037&pbt=bv&adbx=375&adby=93&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=697661440&csala=6%7C0%7C2876%7C3286%7C477&lle=0&ifv=1&hpt=1 | 172.217.19.174 | |
| http://www.mydomainbuy.com/sale_form.php?salelink=1&domain_name=begantotireo.xyz | 63.33.29.236 | |
| https://www.mydomainbuy.com/sale_form.php?salelink=1&domain_name=begantotireo.xyz | 52.211.100.182 | |
| https://www.google.com/pagead/1p-conversion/16521530460/?gad_source=1&adview_type=5 | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| begantotireo.xyz | 103.224.212.217 | malicious |
| ww38.begantotireo.xyz | unknown | malicious |
| 701602.parkingcrew.net | 13.248.148.254 | |
| syndicatedsearch.goog | 172.217.19.174 | |
| www.mydomainbuy.com | 63.33.29.236 | |
| www.google.com | 142.250.181.68 | |
| c.parkingcrew.net | 185.53.178.30 | |
| d38psrni17bvxu.cloudfront.net | 108.158.71.217 | |
| www.godaddy.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 103.224.212.217 | begantotireo.xyz | Australia | malicious |
| 13.248.148.254 | 701602.parkingcrew.net | United States | |
| 108.158.71.217 | d38psrni17bvxu.cloudfront.net | United States | |
| 63.33.29.236 | www.mydomainbuy.com | United States | |
| 172.217.19.174 | syndicatedsearch.goog | United States | |
| 52.211.100.182 | unknown | United States | |
| 192.168.2.6 | unknown | unknown | |
| 192.168.2.5 | unknown | unknown | |
| 239.255.255.250 | unknown | Reserved | |
| 76.223.26.96 | unknown | United States | |
| 185.53.178.30 | c.parkingcrew.net | Germany | |
| 142.250.181.68 | www.google.com | United States | |

DOM / HTML

| URL | Malicious |
|---|---|
| http://ww38.begantotireo.xyz/ | |
| http://ww38.begantotireo.xyz/ | |
| http://ww38.begantotireo.xyz/ | |
| http://ww38.begantotireo.xyz/ | |
| https://www.godaddy.com/domainsearch/find?checkAvail=1&domainToCheck=begantotireo.xyz | |