IOC Report
https://yancesybros.com/WHF9842BVD.html

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 56
HTML document, ASCII text, with very long lines (11800), with CRLF line terminators
downloaded
Chrome Cache Entry: 57
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 58
ASCII text, with very long lines (65447)
dropped
Chrome Cache Entry: 59
PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 60
HTML document, Unicode text, UTF-8 text, with very long lines (2295)
downloaded
Chrome Cache Entry: 61
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 62
ASCII text, with very long lines (47694)
dropped
Chrome Cache Entry: 63
PNG image data, 80 x 67, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 64
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 65
ASCII text, with very long lines (47992), with no line terminators
dropped
Chrome Cache Entry: 66
PNG image data, 80 x 67, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 67
ASCII text, with very long lines (8108), with no line terminators
dropped
Chrome Cache Entry: 68
ASCII text, with very long lines (47992), with no line terminators
downloaded
Chrome Cache Entry: 69
ASCII text, with very long lines (8016), with no line terminators
downloaded
Chrome Cache Entry: 70
ASCII text, with very long lines (47694)
downloaded
Chrome Cache Entry: 71
ASCII text, with very long lines (1321), with CRLF line terminators
dropped
Chrome Cache Entry: 72
HTML document, ASCII text, with very long lines (31789), with CRLF line terminators
downloaded
Chrome Cache Entry: 73
PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 74
ASCII text, with very long lines (1329), with CRLF line terminators
downloaded
Chrome Cache Entry: 75
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
There are 11 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2200,i,14020259663435035304,8067086571185924884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://yancesybros.com/WHF9842BVD.html"

URLs

Name
IP
Malicious
https://yancesybros.com/WHF9842BVD.html
malicious
https://choicesff.com/res444.php?2-68747470733a2f2f4e4c2e6e73696369756d62652e636f6d2f615871725148742f-moray
69.49.245.172
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/717006795:1732559173:kR_0HaZjcMZ7NfcZjqJuMDbFTXd9SIuUQzr_to9VflA/8e83c97ff9621a48/QWQsdJI..ng.S_E0NSLTwx4vMMqFdMlyiLvXMg2W.bA-1732560235-1.1.1.1-tyv.fmORLOP0o6ZDwUZKHTQB_0sn6fnqojbSmrY7nOw7eNcPKLaZ4jJdNlCOZxav
104.18.94.41
https://yancesybros.com/favicon.ico
172.67.189.74
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8e83c97ff9621a48/1732560240060/ec9946d522a774066924225e9979f9a285d0363b428f53c5859ec557411cd08f/gqZRZaI8vUHtMGS
104.18.94.41
https://a.nel.cloudflare.com/report/v4?s=3c6QTTvejV081hWYQg2nYd3f1J%2FkO%2F7al7UIK1r9Qa6a%2FYTKquwi7RMLTpYKTruLukdtPuMi4Fnq69aCqjwmEx98A%2FQcH75wH7Mupwi51mF5PLQ6bKl7EveK4k%2Fha03iwe8%3D
35.190.80.1
https://code.jquery.com/jquery-3.6.0.min.js
151.101.194.137
https://yancesybros.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8e83c9569b4eefa7
172.67.189.74
https://yancesybros.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
172.67.189.74
https://yancesybros.com/WHF9842BVD.html
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e83c97ff9621a48&lang=auto
104.18.94.41
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
104.18.94.41
https://yancesybros.com/cdn-cgi/challenge-platform/h/g/flow/ov1/121176288:1732559265:7lJ7n7BdOJx3cf64Km5o6XhhTjh1yazfNFmmaS1TOb0/8e83c9569b4eefa7/NVxlqQ0CuOO_mq_ADX6BzRNv15dryg_MCjBHsRZiF_M-1732560228-1.2.1.1-BSHpMKKlNjDcEJtMM5Iqnf.JCyWX7aLd0e6uY.qTM_J3gynsL2deklactUUpBCnz
172.67.189.74
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/a7tsf/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
104.18.94.41
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZX0EtxoLPSBWR6WwhXZglXIvWXbh24ojuyofD6htY8D4/s3396/userinter.png
172.217.19.225
https://yancesybros.com/WHF9842BVD.html?__cf_chl_rt_tk=Dveq2bajeb4.68juqKcEwLAC3uO_Xxj5VhibRkg9Lpo-1732560228-1.0.1.1-EQcS5msdFBnN_w.DEowher7hBFNGCCOYXT25SAX1UmY
https://a.nel.cloudflare.com/report/v4?s=QenT1uH9OoSpHete%2BQQiHKTgNBfukx%2FXYGk9UxFsUG0WGJfkaYgxdBu1LuP5yZqNoShH%2FqyOiZVX3xU8FGE9TzExwaq%2Bx5dVMm8zIX5qZLYGahygqYm9twgG1mKZONogb0Y%3D
35.190.80.1
https://a.nel.cloudflare.com/report/v4?s=xyifoI35i%2FMJzlipwl%2FxusHBjg2%2BqvOlnGIX%2Bba20MeoFKI90K%2FbtfKZq3i%2BwaJVe9%2BdFyCFH8%2FD5FUH7Ij8YJTyFni80eprsSggv5cpQwS8c2zSGBRfNbNopSqqvi3wKYM%3D
35.190.80.1
https://nl.nsiciumbe.com/aXqrQHt/
https://nl.nsiciumbe.com/favicon.ico
104.21.63.27
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
104.17.25.14
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e83c97ff9621a48/1732560240060/F7F6o63uyBc_7o8
104.18.94.41
https://yancesybros.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/e4025c85ea63/main.js?
172.67.189.74
There are 12 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
nl.nsiciumbe.com
104.21.63.27
 malicious
a.nel.cloudflare.com
35.190.80.1
code.jquery.com
151.101.194.137
cdnjs.cloudflare.com
104.17.25.14
challenges.cloudflare.com
104.18.94.41
yancesybros.com
172.67.189.74
www.google.com
142.250.181.68
googlehosted.l.googleusercontent.com
172.217.19.225
choicesff.com
69.49.245.172
blogger.googleusercontent.com
unknown

IPs

IP
Domain
Country
Malicious
104.21.63.27
nl.nsiciumbe.com
United States
malicious
104.17.24.14
unknown
United States
104.18.94.41
challenges.cloudflare.com
United States
69.49.245.172
choicesff.com
United States
104.18.95.41
unknown
United States
192.168.2.4
unknown
unknown
172.217.19.225
googlehosted.l.googleusercontent.com
United States
172.67.189.74
yancesybros.com
United States
239.255.255.250
unknown
Reserved
151.101.66.137
unknown
United States
142.250.181.68
www.google.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
151.101.194.137
code.jquery.com
United States
104.17.25.14
cdnjs.cloudflare.com
United States
There are 4 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://yancesybros.com/WHF9842BVD.html?__cf_chl_rt_tk=Dveq2bajeb4.68juqKcEwLAC3uO_Xxj5VhibRkg9Lpo-1732560228-1.0.1.1-EQcS5msdFBnN_w.DEowher7hBFNGCCOYXT25SAX1UmY
https://yancesybros.com/WHF9842BVD.html
https://yancesybros.com/WHF9842BVD.html
https://yancesybros.com/WHF9842BVD.html
https://yancesybros.com/WHF9842BVD.html
https://yancesybros.com/WHF9842BVD.html
https://nl.nsiciumbe.com/aXqrQHt/
https://nl.nsiciumbe.com/aXqrQHt/