IOC Report
http://togetherdating.co

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:21:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:21:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:21:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:21:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 18:21:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

Chrome Cache Entry: 69

gzip compressed data, from Unix, original size modulo 2^32 13849

downloaded

Chrome Cache Entry: 70

gzip compressed data, from Unix, original size modulo 2^32 5058

downloaded

Chrome Cache Entry: 71

gzip compressed data, from Unix, original size modulo 2^32 23854

downloaded

Chrome Cache Entry: 73

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1138x776, components 3

dropped

Chrome Cache Entry: 74

gzip compressed data, from Unix, original size modulo 2^32 6946

downloaded

Chrome Cache Entry: 75

gzip compressed data, from Unix, original size modulo 2^32 2278

downloaded

Chrome Cache Entry: 76

gzip compressed data, from Unix, original size modulo 2^32 56736

downloaded

Chrome Cache Entry: 79

gzip compressed data, from Unix, original size modulo 2^32 41912

downloaded

Chrome Cache Entry: 80

gzip compressed data, from Unix, original size modulo 2^32 3056

downloaded

Chrome Cache Entry: 81

gzip compressed data, from Unix, original size modulo 2^32 47748

downloaded

Chrome Cache Entry: 82

gzip compressed data, from Unix, original size modulo 2^32 108028

downloaded

Chrome Cache Entry: 83

PNG image data, 4 x 8, 8-bit/color RGBA, interlaced

dropped

Chrome Cache Entry: 84

gzip compressed data, from Unix, original size modulo 2^32 3477

downloaded

Chrome Cache Entry: 85

gzip compressed data, from Unix, original size modulo 2^32 15552

downloaded

Chrome Cache Entry: 86

gzip compressed data, from Unix, original size modulo 2^32 83606

downloaded

Chrome Cache Entry: 87

ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 88

PNG image data, 121 x 33, 8-bit colormap, non-interlaced

dropped

There are 14 hidden files, click here to show them.

URLs

Name

IP

Malicious

http://togetherdating.co

http://static.parastorage.com/services/third-party/fonts/Helvetica/Fonts/530dee22-e3c1-4e9f-bf62-c31d510d9656.woff

34.49.229.81

http://static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css

34.49.229.81

http://togetherdating.co/

http://static.parastorage.com/services/wix-public/1.719.0/scripts/error-pages/locale/messages_en.js

34.49.229.81

http://static.parastorage.com/services/wix-public/1.719.0/styles/error-pages/styles.css

34.49.229.81

http://static.parastorage.com/services/third-party/angularjs/1.2.28/angular.min.js

34.49.229.81

http://static.parastorage.com/services/wix-public/1.719.0/images/error-pages/cable-spaghetti-bg.jpg

34.49.229.81

http://static.parastorage.com/services/third-party/angular-translate/1.1.1/angular-translate.min.js

34.49.229.81

http://static.parastorage.com/services/wix-public/1.719.0/images/error-pages/link-arrow.png

34.49.229.81

http://static.parastorage.com/services/wix-public/1.719.0/scripts/error-pages/app.js

34.49.229.81

http://www.wix.com/favicon.ico

34.149.87.45

http://static.parastorage.com/services/third-party/angularjs/1.2.28/i18n/angular-locale_en.js

34.49.229.81

http://static.parastorage.com/services/wix-public/1.719.0/images/error-pages/logo.png

34.49.229.81

http://static.parastorage.com/services/third-party/jquery/2.0.3/jquery.min.js

34.49.229.81

http://static.parastorage.com/services/third-party/fonts/Helvetica/Fonts/bcf54343-d033-41ee-bbd7-2b77df3fe7ba.woff

34.49.229.81

http://static.parastorage.com/services/third-party/fonts/Helvetica/Fonts/60be5c39-863e-40cb-9434-6ebafb62ab2b.woff

34.49.229.81

There are 6 hidden URLs, click here to show them.

Domains

Name

IP

Malicious

togetherdating.co

185.230.63.107

Details

Name:	togetherdating.co
IP:	185.230.63.107
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

td-static-34-49-229-81.parastorage.com

34.49.229.81

www.google.com

142.251.111.99

td-ccm-neg-87-45.wixdns.net

34.149.87.45

static.parastorage.com

unknown

Details

Name:	static.parastorage.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

www.wix.com

unknown

Details

Name:	www.wix.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

IPs

IP

Domain

Country

Malicious

172.253.122.139

unknown

United States

185.230.63.107

togetherdating.co

Israel

142.251.111.99

www.google.com

United States

1.1.1.1

unknown

Australia

239.255.255.250

unknown

Reserved

172.253.63.84

unknown

United States

192.168.2.16

unknown

unknown

34.49.229.81

td-static-34-49-229-81.parastorage.com

United States

34.149.87.45

td-ccm-neg-87-45.wixdns.net

United States

172.253.115.94

unknown

United States