IOC Report
https://page-view-reserved-en.com/erabwasi

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 62 | MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel | dropped |
Chrome Cache Entry: 63 | PNG image data, 600 x 600, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 64 | ASCII text, with very long lines (30837) | downloaded |
Chrome Cache Entry: 65 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 66 | ASCII text, with very long lines (331), with CRLF line terminators | downloaded |
Chrome Cache Entry: 67 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 68 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 69 | ASCII text, with very long lines (32062) | downloaded |
Chrome Cache Entry: 70 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 71 | ASCII text, with very long lines (32062) | dropped |
Chrome Cache Entry: 72 | Algol 68 source, ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 73 | Algol 68 source, Unicode text, UTF-8 text, with CRLF line terminators | dropped |
Chrome Cache Entry: 74 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x680, components 3 | dropped |
Chrome Cache Entry: 75 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 76 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 77 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 78 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 79 | MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel | downloaded |
Chrome Cache Entry: 80 | JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x680, components 3 | downloaded |
Chrome Cache Entry: 81 | PNG image data, 600 x 600, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 82 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 83 | MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural | downloaded |
Chrome Cache Entry: 84 | ASCII text, with very long lines (2950) | downloaded |
Chrome Cache Entry: 85 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 86 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 87 | Algol 68 source, Unicode text, UTF-8 text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 88 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 89 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 90 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 91 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 92 | Algol 68 source, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 93 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 94 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 95 | ASCII text, with very long lines (65451) | dropped |
Chrome Cache Entry: 96 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 97 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 98 | SVG Scalable Vector Graphics image | downloaded |
(28 additional files are not shown in this export.)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2300,i,1823549340800884918,8321278978970341712,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://page-view-reserved-en.com/erabwasi" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5288 --field-trial-handle=2300,i,1823549340800884918,8321278978970341712,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |

URLs

Name | IP | Malicious
https://page-view-reserved-en.com/erabwasi | | malicious
https://page-view-reserved-en.com/dist/booking/booking/blur_input.js | 104.21.88.25 |
https://page-view-reserved-en.com/chat/erabwasi | 104.21.88.25 |
http://fontawesome.io | unknown |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/visa.svg | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/jcb.svg | 104.21.88.25 |
https://page-view-reserved-en.com/dist/chat/chat.css | 104.21.88.25 |
https://page-view-reserved-en.com/dist/build/chat.css | 104.21.88.25 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css | 104.17.24.14 |
https://a.nel.cloudflare.com/report/v4?s=yO7O7N0%2FVtxu%2F%2FRSSAur2kO2cgMSQM1O1SJjdw%2F9EUR7gwSlRURZ%2FAmlDXJTxyIWMwC%2B9LA9Vnoeebiu0I3wUjOvQT3I3%2Bz46RksZawqwwu%2FGfcngUY31KzMvVApgY719%2FSRjDSwI4CcWYJ0 | 35.190.80.1 |
https://page-view-reserved-en.com/ajax/msg_check.php | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/diners.svg | 104.21.88.25 |
https://page-view-reserved-en.com/ajax/user_send_status.php | 104.21.88.25 |
https://page-view-reserved-en.com/ | 172.67.150.74 |
https://page-view-reserved-en.com/ajax/chat_action.php | 104.21.88.25 |
https://page-view-reserved-en.com/ajax/payment_card_status.php | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/discover.svg | 104.21.88.25 |
http://fontawesome.io/license | unknown |
https://page-view-reserved-en.com/dist/booking/booking/submit-new8.js?v=561354 | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/mc.svg | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/amex.svg | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/styles-new4.css?v=5 | 104.21.88.25 |
https://page-view-reserved-en.com/dist/merchant/v1/jquery.min.js | 104.21.88.25 |
https://page-view-reserved-en.com/dist/chat/chat.mp3 | 104.21.88.25 |
https://page-view-reserved-en.com/js/jquery-3.1.1.min.js | 104.21.88.25 |
https://page-view-reserved-en.com/dist/img/support.png | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/unionpay.svg | 104.21.88.25 |
https://page-view-reserved-en.com/dist/sites/ALL/booking/favicon.ico | 104.21.88.25 |
https://page-view-reserved-en.com/dist/booking/booking/img/cards/cartebancaire.svg | 104.21.88.25 |
https://page-view-reserved-en.com/chat/%7Bimage%7D | 104.21.88.25 |
https://cf.bstatic.com/xdata/images/hotel/max1024x768/189308246.jpg?k=8d32a5dfc2d7e843b2a2fe4d2799f42a8586657acf01e5166e40ca5c6c533a0f&o=&hp=1 | 18.245.31.18 |
(21 additional URLs are not shown in this export.)

Domains

Name | IP | Malicious
d2i5gg36g14bzn.cloudfront.net | 18.245.31.18 |
a.nel.cloudflare.com | 35.190.80.1 |
cdnjs.cloudflare.com | 104.17.24.14 |
www.google.com | 142.250.186.100 |
page-view-reserved-en.com | 104.21.88.25 |
cf.bstatic.com | unknown |

IPs

IP | Domain | Country | Malicious
104.17.24.14 | cdnjs.cloudflare.com | United States |
172.67.150.74 | unknown | United States |
104.21.88.25 | page-view-reserved-en.com | United States |
192.168.2.6 | unknown | unknown |
192.168.2.5 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
18.245.31.18 | d2i5gg36g14bzn.cloudfront.net | United States |
142.250.186.100 | www.google.com | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |

DOM / HTML

URL | Malicious
https://page-view-reserved-en.com/erabwasi |