IOC Report
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a

Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 100 | ASCII text | downloaded |
Chrome Cache Entry: 101 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 102 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 103 | JSON data | dropped |
Chrome Cache Entry: 104 | JSON data | downloaded |
Chrome Cache Entry: 105 | ASCII text, with very long lines (65254) | downloaded |
Chrome Cache Entry: 106 | ASCII text | downloaded |
Chrome Cache Entry: 107 | JSON data | downloaded |
Chrome Cache Entry: 108 | ASCII text, with very long lines (36201), with CRLF, LF line terminators | downloaded |
Chrome Cache Entry: 109 | JSON data | downloaded |
Chrome Cache Entry: 110 | JSON data | downloaded |
Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 112 | MS Windows icon resource - 1 icon, 16x16 | downloaded |
Chrome Cache Entry: 113 | JSON data | dropped |
Chrome Cache Entry: 114 | Web Open Font Format, TrueType, length 142340, version 0.0 | downloaded |
Chrome Cache Entry: 115 | PNG image data, 821 x 137, 8-bit/color RGBA, non-interlaced | dropped |
Chrome Cache Entry: 116 | JSON data | downloaded |
Chrome Cache Entry: 117 | assembler source, ASCII text | downloaded |
Chrome Cache Entry: 118 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 119 | Web Open Font Format, TrueType, length 133856, version 0.0 | downloaded |
Chrome Cache Entry: 120 | ASCII text, with very long lines (5955) | downloaded |
Chrome Cache Entry: 121 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 122 | PNG image data, 821 x 137, 8-bit/color RGBA, non-interlaced | downloaded |
Chrome Cache Entry: 123 | ASCII text | downloaded |
Chrome Cache Entry: 124 | Unicode text, UTF-8 text, with very long lines (57048) | downloaded |
Chrome Cache Entry: 125 | ASCII text, with very long lines (21778), with no line terminators | downloaded |
Chrome Cache Entry: 69 | JSON data | downloaded |
Chrome Cache Entry: 70 | HTML document, Unicode text, UTF-8 text, with very long lines (374) | dropped |
Chrome Cache Entry: 71 | HTML document, ASCII text | dropped |
Chrome Cache Entry: 72 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 73 | C source, ASCII text, with very long lines (65103) | downloaded |
Chrome Cache Entry: 74 | JSON data | downloaded |
Chrome Cache Entry: 75 | ASCII text, with very long lines (21778), with no line terminators | dropped |
Chrome Cache Entry: 76 | Web Open Font Format (Version 2), TrueType, length 98804, version 1.0 | downloaded |
Chrome Cache Entry: 77 | HTML document, Unicode text, UTF-8 text, with very long lines (374) | downloaded |
Chrome Cache Entry: 78 | ASCII text | downloaded |
Chrome Cache Entry: 79 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 80 | JSON data | dropped |
Chrome Cache Entry: 81 | JSON data | dropped |
Chrome Cache Entry: 82 | MS Windows icon resource - 1 icon, 16x16 | dropped |
Chrome Cache Entry: 83 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 84 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 85 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 86 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 87 | ASCII text, with very long lines (21229) | downloaded |
Chrome Cache Entry: 88 | ASCII text | downloaded |
Chrome Cache Entry: 89 | JSON data | dropped |
Chrome Cache Entry: 90 | SVG Scalable Vector Graphics image | downloaded |
Chrome Cache Entry: 91 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 92 | ASCII text, with very long lines (2519) | downloaded |
Chrome Cache Entry: 93 | JSON data | dropped |
Chrome Cache Entry: 94 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 95 | SVG Scalable Vector Graphics image | dropped |
Chrome Cache Entry: 96 | ASCII text | downloaded |
Chrome Cache Entry: 97 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 98 | ASCII text, with very long lines (65451) | downloaded |
Chrome Cache Entry: 99 | ASCII text, with no line terminators | downloaded |
(48 further files hidden, not shown)

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1880,i,9304512019144231151,15516723976325891686,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a" |

URLs

Name | IP | Malicious
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a | |
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/manage/self-service | 54.187.126.227 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Medium.woff | unknown |
https://cloud.sophos.com/assets/loginwithb2c.js | 54.154.82.165 |
https://stats.g.doubleclick.net/g/collect | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Semibold.ttf | unknown |
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a | |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-RegularItalic.eot?#iefi | unknown |
https://login.sophos.com/login.sophos.com/oauth2/v2.0/authorize?p=B2C_1A_signup&client_id=cb303009-a | unknown |
https://login.sophos.com/login.sophos.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=a2909672-3668-457e-ba5b-5bbd4508f6e2&redirect_uri=https://cloud.sophos.com/idp/azureb2c&scope=openid&response_type=id_token&prompt=login | |
https://www.redditstatic.com/ads/pixel.js | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-MediumItalic.svg#font | unknown |
https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/v2/otPcTab.json | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/flama-basic-webfont.svg#flamabasic | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Regular.woff2 | unknown |
about:blank | |
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/css/welcome-animation.css | 18.64.156.27 |
https://cloud.sophos.com/assets/logo | unknown |
https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/otFlat.json | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-LightItalic.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/Inter-Regular.woff2 | 18.64.156.27 |
https://www.google.com | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-MediumItalic.woff | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-MediumItalic.woff2 | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Semibold.woff | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/images/icon-password.svg | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/images/icon-email.svg | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Bold.woff | unknown |
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/inter-regular.svg#font | unknown |
https://github.com/krux/postscribe/blob/master/LICENSE. | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/fr.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/html/footer.html | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-MediumItalic.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-BoldItalic.svg#font | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-BoldItalic.woff2 | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/en.json | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Medium.woff2 | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/flama-basic-webfont.ttf | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/flama-basic-webfont.eot?#iefix | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Light.eot?#iefix | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/zh-hant.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/inter-regular.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/de.json | unknown |
https://cloud.sophos.com/assets/favicon.ico | 54.154.82.165 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/pt.json | unknown |
https://cloud.sophos.com/idp/authenticate?backtrack=/manage/self-service | |
https://adservice.google.com/pagead/regclk | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-MediumItalic.ttf | unknown |
https://cloud.sophos.com/assets/success-icon.png | 54.154.82.165 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Semibold.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/it.json | unknown |
https://cct.google/taggy/agent.js | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Bold.eot?#iefix | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/html/enter-email.html | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/es.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/images/sophos-logo.svg | 18.64.156.27 |
https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/scripts/include-footer.js | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/scripts/localize-footer.js | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/scripts/user-agent.js | 18.64.156.27 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/images/favicon.ico | 18.64.156.27 |
https://cdn.cookielaw.org/consent/2e456f46-6b86-42c8-be0a-01efd4471533/018ee767-7431-780c-bf78-4b67b48c194b/en.json | 104.19.178.52 |
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js?did=2e456f46-6b86-42c8-be0a-01efd4471533 | 104.19.178.52 |
https://stats.g.doubleclick.net/g/collect?v=2& | unknown |
https://www.sophos.com/en-us/legal/cookie-information | unknown |
https://cdn.cookielaw.org/consent/2e456f46-6b86-42c8-be0a-01efd4471533/2e456f46-6b86-42c8-be0a-01efd4471533.json | 104.19.178.52 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Bold.svg#font | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Regular.ttf | unknown |
https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-LightItalic.ttf | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-RegularItalic.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/Inter-Regular.woff | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Semibold.svg#font | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/flama-basic-webfont.woff | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Light.woff2 | unknown |
https://cloud.sophos.com/manage/self-service | 54.154.82.165 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Light.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-SemiboldItalic.svg#font | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-LightItalic.woff2 | unknown |
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location | 172.64.155.119 |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-BoldItalic.woff | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-BoldItalic.eot?#iefix | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Light.svg#font | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Regular.eot | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-RegularItalic.svg#font | unknown |
https://cloud.sophos.com/assets/success-icon | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Bold.ttf | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/css/footer.css | 18.64.156.27 |
https://cdn.cookielaw.org/vendorlist/googleData.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Bold.woff2 | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Light.ttf | unknown |
https://cloud.sophos.com/assets/logo.png | 54.154.82.165 |
https://cdn.cookielaw.org/vendorlist/iabData.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Medium.eot | unknown |
https://cdn.cookielaw.org/vendorlist/iab2Data.json | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/localize/ja.json | unknown |
https://www.sophos.com/en-us/legal/cookie-information.aspx | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-Regular.eot?#iefix | unknown |
https://d2y1fnwu0z0lk0.cloudfront.net/2024.18.03.04.17/2188/fonts/SophosSans-SemiboldItalic.eot | unknown |
(90 further URLs hidden, not shown)

Domains

Name | IP | Malicious
mail-spinnaker-1148880338.us-west-2.elb.amazonaws.com | 54.187.126.227 |
cloud.sophos.com | 54.154.82.165 |
www.google.com | 142.250.9.104 |
d2y1fnwu0z0lk0.cloudfront.net | 18.64.156.27 |
cdn.cookielaw.org | 104.19.178.52 |
geolocation.onetrust.com | 172.64.155.119 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
mail-cloudstation-us-west-2.prod.hydra.sophos.com | unknown |
s.go-mpulse.net | unknown |
www.sophos.com | unknown |
cloud-assets.sophos.com | unknown |
dc.services.visualstudio.com | unknown |
c.go-mpulse.net | unknown |
login.sophos.com | unknown |
(4 further domains hidden, not shown)

IPs

IP | Domain | Country | Malicious
54.154.82.165 | cloud.sophos.com | United States |
142.250.9.104 | www.google.com | United States |
192.168.2.4 | unknown | unknown |
54.171.140.60 | unknown | United States |
54.187.126.227 | mail-spinnaker-1148880338.us-west-2.elb.amazonaws.com | United States |
104.19.178.52 | cdn.cookielaw.org | United States |
18.64.156.27 | d2y1fnwu0z0lk0.cloudfront.net | United States |
172.64.155.119 | geolocation.onetrust.com | United States |
239.255.255.250 | unknown | Reserved |

DOM / HTML

URL | Malicious
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a |
https://mail-cloudstation-us-west-2.prod.hydra.sophos.com/mail/api/xgemail/smart-banner/55e3e38d9bcbfbe895ad54204d157a6a/allowBlockConfirm |
https://cloud.sophos.com/idp/authenticate?backtrack=/manage/self-service |
https://login.sophos.com/login.sophos.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=a2909672-3668-457e-ba5b-5bbd4508f6e2&redirect_uri=https://cloud.sophos.com/idp/azureb2c&scope=openid&response_type=id_token&prompt=login |
https://login.sophos.com/login.sophos.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=a2909672-3668-457e-ba5b-5bbd4508f6e2&redirect_uri=https://cloud.sophos.com/idp/azureb2c&scope=openid&response_type=id_token&prompt=login |
https://login.sophos.com/login.sophos.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=a2909672-3668-457e-ba5b-5bbd4508f6e2&redirect_uri=https://cloud.sophos.com/idp/azureb2c&scope=openid&response_type=id_token&prompt=login |
about:blank |