IOC Report
https://portal.taxguardian.com/oesp/beginWorkflow.jsp?id=ab78ba00-97cb-4670-8904-47e00fd29a84&surveyId=9492&d=DwMFAw

loading gif

Files

File Path
Type
Category
Malicious
Chrome Cache Entry: 45
ASCII text, with very long lines (1687), with CRLF line terminators
downloaded
Chrome Cache Entry: 46
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 47
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 48
JSON data
downloaded
Chrome Cache Entry: 49
Unicode text, UTF-8 (with BOM) text, with very long lines (57978), with CRLF line terminators
downloaded
Chrome Cache Entry: 50
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
downloaded
Chrome Cache Entry: 51
Unicode text, UTF-8 text, with very long lines (65275)
downloaded
Chrome Cache Entry: 52
JSON data
dropped
Chrome Cache Entry: 53
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 54
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
dropped
Chrome Cache Entry: 55
HTML document, ASCII text, with CRLF line terminators
dropped
There are 2 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1916,i,8787450946758814842,5685473267961392960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://portal.taxguardian.com/oesp/beginWorkflow.jsp?id=ab78ba00-97cb-4670-8904-47e00fd29a84&surveyId=9492&d=DwMFAw"

URLs

Name
IP
Malicious
https://portal.taxguardian.com/oesp/beginWorkflow.jsp?id=ab78ba00-97cb-4670-8904-47e00fd29a84&surveyId=9492&d=DwMFAw
https://tgir.app.tax/_blazor?id=VRoY3yOcuAigPOENiskyZQ&_=1713537617885
34.225.34.17
https://tgir.app.tax/_blazor?id=y3F7mGkkxxsgmnxt56NaMQ&_=1713537640826
34.225.34.17
https://tgir.app.tax/_blazor?id=fMleuASZSmAVKQ4V-jVBwA&_=1713537611187
34.225.34.17
https://tgir.app.tax/_blazor?id=ZODOASwsuykE2w6jl1FA1g&_=1713537663872
34.225.34.17
https://tgir.app.tax/_blazor?id=fMleuASZSmAVKQ4V-jVBwA&_=1713537611682
34.225.34.17
https://tgir.app.tax/js/tailwind.js
34.225.34.17
https://tgir.app.tax/?req=y6_Ocxb12wg
https://tgir.app.tax/_blazor?id=ZODOASwsuykE2w6jl1FA1g
34.225.34.17
https://tgir.app.tax/_blazor?id=dlfhFiAw5G00Fj9QX1nC5w
34.225.34.17
https://tgir.app.tax/_blazor?id=ZODOASwsuykE2w6jl1FA1g&_=1713537663054
34.225.34.17
https://tgir.app.tax/css/site.css
34.225.34.17
https://tgir.app.tax/_blazor/negotiate?negotiateVersion=1
34.225.34.17
https://github.com/postcss/autoprefixer#readme
unknown
https://tailwindcss.com/docs/configuration#prefix
unknown
https://tgir.app.tax/_blazor?id=VRoY3yOcuAigPOENiskyZQ
34.225.34.17
https://tgir.app.tax/_blazor?id=3S_xZjrDs9mprIZ8eCvSrQ&_=1713537685807
34.225.34.17
https://evilmartians.com/chronicles/postcss-8-plugin-migration
unknown
https://www.w3ctech.com/topic/2226
unknown
https://cdn.withpersona.com/dist/persona-v4.7.1.js
35.244.189.201
https://tgir.app.tax/_blazor?id=fMleuASZSmAVKQ4V-jVBwA
34.225.34.17
https://tgir.app.tax/_blazor?id=3S_xZjrDs9mprIZ8eCvSrQ
34.225.34.17
https://github.com/browserslist/browserslist#readme
unknown
https://tailwindcss.com/docs/using-with-preprocessors#nesting
unknown
https://tgir.app.tax/favicon.ico
34.225.34.17
https://tgir.app.tax/_blazor?id=fMleuASZSmAVKQ4V-jVBwA&_=1713537610707
34.225.34.17
https://tgir.app.tax/_blazor?id=jueQUhcSINnHdTiDdWj8ZA
34.225.34.17
https://tgir.app.tax/_blazor?id=VRoY3yOcuAigPOENiskyZQ&_=1713537617378
34.225.34.17
https://tgir.app.tax/_blazor?id=y3F7mGkkxxsgmnxt56NaMQ&_=1713537639825
34.225.34.17
https://tgir.app.tax/js/loader.js
34.225.34.17
https://tgir.app.tax/_blazor?id=3S_xZjrDs9mprIZ8eCvSrQ&_=1713537685322
34.225.34.17
https://tailwindcss.com/docs/configuration#selector-strategy
unknown
https://tgir.app.tax/_blazor?id=VRoY3yOcuAigPOENiskyZQ&_=1713537618383
34.225.34.17
https://portal.taxguardian.com/oesp/beginWorkflow.jsp?id=ab78ba00-97cb-4670-8904-47e00fd29a84&surveyId=9492&d=DwMFAw
104.22.48.87
https://tgir.app.tax/_blazor?id=y3F7mGkkxxsgmnxt56NaMQ&_=1713537640315
34.225.34.17
https://tgir.app.tax/_blazor?id=OrH3pvOKh_4ehpOqWt66rQ
34.225.34.17
https://tgir.app.tax/_blazor?id=6OAgKwC_bmuNoRJbzX-Ihg
34.225.34.17
https://tgir.app.tax/_blazor?id=cY7_Pj15Xd7BT0f9yCaRNA
34.225.34.17
https://mths.be/cssesc
unknown
https://tgir.app.tax/_blazor?id=y3F7mGkkxxsgmnxt56NaMQ
34.225.34.17
https://tgir.app.tax/_framework/blazor.server.js
34.225.34.17
https://tgir.app.tax/_blazor/initializers
34.225.34.17
https://twitter.com/browserslist
unknown
https://tgir.app.tax/_blazor?id=ZODOASwsuykE2w6jl1FA1g&_=1713537662447
34.225.34.17
There are 33 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
tgir.app.tax
34.225.34.17
ec1.optimumhst.com
104.22.48.87
www.google.com
173.194.219.103
cdn.withpersona.com
35.244.189.201
fp2e7a.wpc.phicdn.net
192.229.211.108
windowsupdatebg.s.llnwi.net
69.164.42.0
portal.taxguardian.com
unknown

IPs

IP
Domain
Country
Malicious
52.54.160.172
unknown
United States
35.244.189.201
cdn.withpersona.com
United States
192.168.2.16
unknown
unknown
173.194.219.103
www.google.com
United States
192.168.2.4
unknown
unknown
239.255.255.250
unknown
Reserved
104.22.48.87
ec1.optimumhst.com
United States
34.225.34.17
tgir.app.tax
United States

DOM / HTML

URL
Malicious
https://tgir.app.tax/?req=y6_Ocxb12wg
https://tgir.app.tax/?req=y6_Ocxb12wg
https://tgir.app.tax/?req=y6_Ocxb12wg
https://tgir.app.tax/?req=y6_Ocxb12wg