IOC Report
https://lide.alosalca.fun/highbox#joeblow@xyz.com

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:44:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:44:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:44:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:44:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:44:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 437x43, components 3
dropped
Chrome Cache Entry: 101
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 114x31, components 3
downloaded
Chrome Cache Entry: 102
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 178x41, components 3
downloaded
Chrome Cache Entry: 103
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 284x47, components 3
dropped
Chrome Cache Entry: 104
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 496x65, components 3
dropped
Chrome Cache Entry: 105
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 152x49, components 3
downloaded
Chrome Cache Entry: 106
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 542x57, components 3
dropped
Chrome Cache Entry: 107
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 609x179, components 3
dropped
Chrome Cache Entry: 108
ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 109
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 496x65, components 3
downloaded
Chrome Cache Entry: 110
ASCII text, with very long lines (19015)
downloaded
Chrome Cache Entry: 111
JSON data
dropped
Chrome Cache Entry: 112
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 66x34, components 3
dropped
Chrome Cache Entry: 113
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 512x144, components 3
downloaded
Chrome Cache Entry: 114
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 115
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 152x49, components 3
dropped
Chrome Cache Entry: 116
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 360x63, components 3
dropped
Chrome Cache Entry: 117
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 751x102, components 3
dropped
Chrome Cache Entry: 118
JSON data
downloaded
Chrome Cache Entry: 119
ASCII text, with very long lines (65241)
downloaded
Chrome Cache Entry: 120
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 178x41, components 3
dropped
Chrome Cache Entry: 121
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 219x35, components 3
dropped
Chrome Cache Entry: 122
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 123
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 381x76, components 3
downloaded
Chrome Cache Entry: 124
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 284x47, components 3
downloaded
Chrome Cache Entry: 125
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 547x126, components 3
dropped
Chrome Cache Entry: 126
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 127
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 512x144, components 3
dropped
Chrome Cache Entry: 128
ASCII text, with very long lines (48664)
downloaded
Chrome Cache Entry: 129
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 519x581, components 3
downloaded
Chrome Cache Entry: 130
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 509x76, components 3
downloaded
Chrome Cache Entry: 131
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 359x57, components 3
dropped
Chrome Cache Entry: 132
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 547x126, components 3
downloaded
Chrome Cache Entry: 133
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
dropped
Chrome Cache Entry: 134
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 751x102, components 3
downloaded
Chrome Cache Entry: 135
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 136
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 334x46, components 3
dropped
Chrome Cache Entry: 137
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 437x43, components 3
downloaded
Chrome Cache Entry: 138
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 360x63, components 3
downloaded
Chrome Cache Entry: 139
HTML document, ASCII text, with very long lines (18299)
downloaded
Chrome Cache Entry: 140
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 609x179, components 3
downloaded
Chrome Cache Entry: 141
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 142
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 547x126, components 3
downloaded
Chrome Cache Entry: 143
JSON data
dropped
Chrome Cache Entry: 144
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 146x49, components 3
dropped
Chrome Cache Entry: 145
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 381x76, components 3
dropped
Chrome Cache Entry: 146
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 114x31, components 3
dropped
Chrome Cache Entry: 147
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 359x57, components 3
downloaded
Chrome Cache Entry: 148
JSON data
downloaded
Chrome Cache Entry: 149
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 219x35, components 3
downloaded
Chrome Cache Entry: 150
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 151
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 547x126, components 3
dropped
Chrome Cache Entry: 152
gzip compressed data, from Unix, original size modulo 2^32 1239
downloaded
Chrome Cache Entry: 153
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 84
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 519x581, components 3
dropped
Chrome Cache Entry: 85
gzip compressed data, from Unix, original size modulo 2^32 315
downloaded
Chrome Cache Entry: 86
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 87
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 334x46, components 3
downloaded
Chrome Cache Entry: 88
gzip compressed data, from Unix, original size modulo 2^32 374636
downloaded
Chrome Cache Entry: 89
gzip compressed data, from Unix, original size modulo 2^32 212739
downloaded
Chrome Cache Entry: 90
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 284x47, components 3
dropped
Chrome Cache Entry: 91
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 146x49, components 3
downloaded
Chrome Cache Entry: 92
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 509x76, components 3
dropped
Chrome Cache Entry: 93
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 284x47, components 3
downloaded
Chrome Cache Entry: 94
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 542x57, components 3
downloaded
Chrome Cache Entry: 95
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 96
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 143x50, components 3
downloaded
Chrome Cache Entry: 97
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 66x34, components 3
downloaded
Chrome Cache Entry: 98
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 143x50, components 3
dropped
Chrome Cache Entry: 99
ASCII text, with no line terminators
dropped
There are 67 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2184,i,9310823674978504222,17658416220767303458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lide.alosalca.fun/highbox#joeblow@xyz.com"

URLs

Name
IP
Malicious
https://lide.alosalca.fun/highbox#joeblow@xyz.com
malicious
http://lide.alosalca.fun/highbox/#joeblow@xyz.com?random=vPMjwBSwlYxDHKesMLp2NDeOjaRFkVt4PK26wggvfjgUHTlTfQaMrYobiJYL6DgSJotIdl
malicious
https://69-164-216-107.ip.linodeusercontent.com/apr2/1tuBZA2dQ2OZnL64
69.164.216.107
http://lide.alosalca.fun/highbox/mega.js
104.21.1.57
https://69-164-216-107.ip.linodeusercontent.com/apr3/bG8Q1jdDmyJZjsDO
69.164.216.107
https://a.nel.cloudflare.com/report/v4?s=ytGYuw0SBBtS3LQxOuMJo%2Bh02VwuV1wwNr6UzKA94yhd9%2BmZwrd8fuECyCuzwdgcQ%2FfcHJ4xhwg%2BLEOj6vkPNJ%2F%2BJZ5kfDghCo04epF2x3PrRXmfjyzmx4GVPyLsbOmdTls4p5fDgtXeOHA%3D
35.190.80.1
https://www.yiiframework.com/doc-2.0/yii-base-module.html#runAction()-detail
unknown
https://69-164-216-107.ip.linodeusercontent.com/vid1/TrzqRFuy4MJ4XWCB
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/vph/lrdVLojiou0qqZly
69.164.216.107
https://github.com/yiisoft/yii2/
unknown
https://69-164-216-107.ip.linodeusercontent.com/cant/a5JKagtUoTXfGwZT
69.164.216.107
https://github.com/twbs/bootstrap/graphs/contributors)
unknown
https://www.yiiframework.com/doc-2.0/yii-base-errorexception.html
unknown
https://69-164-216-107.ip.linodeusercontent.com/ms/lxzGbv3hy4WdYfNa
69.164.216.107
https://www.google.com/search?q=Undefined
unknown
https://api.ipify.org/?format=json
104.26.13.205
http://lide.alosalca.fun/favicon.ico
104.21.1.57
https://69-164-216-107.ip.linodeusercontent.com/emr/NVljaT1j0fUxaLat
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/vid2/GshGTxDGjm16q1FN
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/icod/k0gEEZOfTBiICr1j
69.164.216.107
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
104.18.10.207
http://opensource.org/licenses/MIT).
unknown
https://69-164-216-107.ip.linodeusercontent.com/vph1/UwfUCFjisDNgeIUh
69.164.216.107
https://httpd.apache.org/
unknown
https://69-164-216-107.ip.linodeusercontent.com/gss/Y0XFRO464XV5OX3u
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/wednt/vSLR30xkV1wCUmqV
69.164.216.107
https://www.yiiframework.com/doc-2.0/yii-web-application.html#handleRequest()-detail
unknown
https://69-164-216-107.ip.linodeusercontent.com/sigi/te2BMKQevrPDL3Gd
69.164.216.107
https://www.yiiframework.com/doc-2.0/yii-base-inlineaction.html#runWithParams()-detail
unknown
https://69-164-216-107.ip.linodeusercontent.com/cncl/8s3ZmRtEUbi2xSck
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/apr1/K7oawgiQZGO729O3
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/vid/9ByFVrvy71ZtFROH
69.164.216.107
https://dashboard.spamfather.com/web/blocked-ip/check-ip?ip=185.152.66.230
172.67.172.36
https://www.yiiframework.com/doc-2.0/yii-base-controller.html#runAction()-detail
unknown
https://69-164-216-107.ip.linodeusercontent.com/key/f9DjaQLWUiikwc8f
69.164.216.107
https://dashboard.spamfather.com/web/site/go-back?token=9704A-4FC48-AE885-98DCB-DCDF5-7F3FD-EF-16-81851-875&usr=joeblow@xyz.com
172.67.172.36
https://www.yiiframework.com/doc-2.0/yii-base-errorhandler.html#handleError()-detail
unknown
https://lide.alosalca.fun/highbox
172.67.128.161
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
104.17.24.14
https://getbootstrap.com)
unknown
https://69-164-216-107.ip.linodeusercontent.com/epas/nDKjw0NsxLyvHy0Y
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/cosi/GhYFuqfXa2S89Zec
69.164.216.107
https://yiiframework.com/
unknown
https://dashboard.spamfather.com/web/site/check-em?email=joeblow@xyz.com
172.67.172.36
https://69-164-216-107.ip.linodeusercontent.com/pasr/00Wp1QtPGGg6tNi2
69.164.216.107
https://www.yiiframework.com/doc-2.0/yii-base-application.html#run()-detail
unknown
https://69-164-216-107.ip.linodeusercontent.com/noac/nlCQLkXBV0Ryrh8U
69.164.216.107
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
152.199.4.44
https://69-164-216-107.ip.linodeusercontent.com/pas2/CirkVnUZuw2gzfS8
69.164.216.107
https://69-164-216-107.ip.linodeusercontent.com/enc/us9SPB7nWOX2ro45
69.164.216.107
http://lide.alosalca.fun/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.1.57
https://fontawesome.com/
unknown
https://69-164-216-107.ip.linodeusercontent.com/takn/gnodp4Suzu5ewcl9
69.164.216.107
https://code.jquery.com/jquery-3.7.1.slim.min.js
151.101.2.137
https://69-164-216-107.ip.linodeusercontent.com/fpas/5uK7sqM5jLLgrgDX
69.164.216.107
https://stackoverflow.com/search?q=Undefined
unknown
https://dashboard.spamfather.com/web/site/stats?ip=185.152.66.230&ua=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F117.0.0.0%2520Safari%252F537.36&em=brianknowt23%40gmail.com
172.67.172.36
http://lide.alosalca.fun/highbox/
104.21.1.57
There are 48 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
a.nel.cloudflare.com
35.190.80.1
cs1100.wpc.omegacdn.net
152.199.4.44
dashboard.spamfather.com
172.67.172.36
code.jquery.com
151.101.2.137
cdnjs.cloudflare.com
104.17.24.14
69-164-216-107.ip.linodeusercontent.com
69.164.216.107
maxcdn.bootstrapcdn.com
104.18.10.207
lide.alosalca.fun
172.67.128.161
www.google.com
172.217.215.99
api.ipify.org
104.26.13.205
fp2e7a.wpc.phicdn.net
192.229.211.108
aadcdn.msftauth.net
unknown
There are 3 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
104.17.24.14
cdnjs.cloudflare.com
United States
172.217.215.99
www.google.com
United States
104.18.10.207
maxcdn.bootstrapcdn.com
United States
152.199.4.44
cs1100.wpc.omegacdn.net
United States
104.21.1.57
unknown
United States
192.168.2.5
unknown
unknown
172.67.128.161
lide.alosalca.fun
United States
151.101.2.137
code.jquery.com
United States
69.164.216.107
69-164-216-107.ip.linodeusercontent.com
United States
239.255.255.250
unknown
Reserved
172.67.172.36
dashboard.spamfather.com
United States
35.190.80.1
a.nel.cloudflare.com
United States
104.26.13.205
api.ipify.org
United States
There are 3 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
http://lide.alosalca.fun/highbox/#joeblow@xyz.com?random=vPMjwBSwlYxDHKesMLp2NDeOjaRFkVt4PK26wggvfjgUHTlTfQaMrYobiJYL6DgSJotIdl
 malicious
http://lide.alosalca.fun/highbox/#joeblow@xyz.com?random=vPMjwBSwlYxDHKesMLp2NDeOjaRFkVt4PK26wggvfjgUHTlTfQaMrYobiJYL6DgSJotIdl
 malicious
http://lide.alosalca.fun/highbox/#joeblow@xyz.com?random=vPMjwBSwlYxDHKesMLp2NDeOjaRFkVt4PK26wggvfjgUHTlTfQaMrYobiJYL6DgSJotIdl
 malicious
http://lide.alosalca.fun/highbox/#joeblow@xyz.com?random=vPMjwBSwlYxDHKesMLp2NDeOjaRFkVt4PK26wggvfjgUHTlTfQaMrYobiJYL6DgSJotIdl
 malicious