IOC Report
https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0l

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 11:23:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
ASCII text, with very long lines (949)
downloaded
Chrome Cache Entry: 101
ASCII text, with very long lines (63869)
downloaded
Chrome Cache Entry: 102
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 103
ASCII text, with very long lines (38457)
downloaded
Chrome Cache Entry: 104
ASCII text
downloaded
Chrome Cache Entry: 106
JSON data
downloaded
Chrome Cache Entry: 107
ASCII text, with very long lines (4559)
dropped
Chrome Cache Entry: 108
Unicode text, UTF-8 text, with very long lines (4450)
downloaded
Chrome Cache Entry: 109
ASCII text, with very long lines (5762)
downloaded
Chrome Cache Entry: 110
ASCII text, with very long lines (4179)
downloaded
Chrome Cache Entry: 111
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (4179)
downloaded
Chrome Cache Entry: 113
ASCII text, with very long lines (461)
downloaded
Chrome Cache Entry: 114
ASCII text, with very long lines (36413), with no line terminators
downloaded
Chrome Cache Entry: 116
Web Open Font Format (Version 2), CFF, length 25368, version 1.6553
downloaded
Chrome Cache Entry: 117
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 93
Unicode text, UTF-8 text, with very long lines (318)
downloaded
Chrome Cache Entry: 94
Unicode text, UTF-8 text, with very long lines (844)
downloaded
Chrome Cache Entry: 95
ASCII text, with very long lines (15682)
downloaded
Chrome Cache Entry: 96
ASCII text
downloaded
Chrome Cache Entry: 98
ASCII text, with very long lines (353), with no line terminators
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (949)
downloaded
There are 19 hidden files, click here to show them.

URLs

Name
IP
Malicious
https://us-west-2.protection.sophos.com/?d=venmo.com&u=aHR0cHM6Ly92ZW5tby5jb20vc2lnbnVwL3N0YXJ0P2VtYWlsPW5vcmVwbHkxMSU0MHdxZXJkZmQub25taWNyb3NvZnQuY29tJmludml0ZV9pZD02NjJhNzViZTNjYWMxN2E3MGE5OTA0ZmEmbnI9MSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9zb3VyY2U9cG51&p=m&i=NjI3Mjc4OTk0MGU3YTAxM2U2ZWIxMDY3&t=RTdyMWVwN0ltVWFjZ3cvWmVHNTRWVkd1STQwUzVVNzEveWYyR0FYYXVhMD0=&h=4ce9b067fcbf486e8f27561ce3d3058e&s=AVNPUEhUT0NFTkNSWVBUSVaS8c9jSpZcrH9uvMBTWALM8OUVCaCMDIwUwmubUWsN9g
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Domains

Name
IP
Malicious
mparticle.map.fastly.net
151.101.130.133
paypal.map.fastly.net
151.101.194.133
dualstack.paypal-dynamic-2.map.fastly.net
151.101.65.35
paypal-dynamic-2.map.fastly.net
151.101.1.35
account.venmo.com
52.84.150.34
paypal-dynamic.map.fastly.net
151.101.193.21
jssdks.mparticle.com
151.101.194.133
d2t07dpvw9bt1v.cloudfront.net
99.84.252.10
venmo.com
52.84.150.50
www.google.com
142.250.64.196
jssdkcdns.mparticle.com
151.101.66.133
stats.glb.paypal.com
35.235.122.5
lvs.stats.paypal.com
35.235.122.5
c.paypal.com
unknown
us-west-2.protection.sophos.com
unknown
c6.paypal.com
unknown
b.stats.paypal.com
unknown
id.venmo.com
unknown
www.paypal.com
unknown
cdn.optimizely.com
unknown
identity.mparticle.com
unknown
t.paypal.com
unknown
www.paypalobjects.com
unknown
There are 13 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
151.101.130.133
mparticle.map.fastly.net
United States
192.168.2.17
unknown
unknown
52.84.150.50
venmo.com
United States
151.101.1.35
paypal-dynamic-2.map.fastly.net
United States
142.250.217.238
unknown
United States
142.250.64.232
unknown
United States
35.235.122.5
stats.glb.paypal.com
United States
151.101.65.35
dualstack.paypal-dynamic-2.map.fastly.net
United States
151.101.129.35
unknown
United States
142.251.35.238
unknown
United States
99.84.252.10
d2t07dpvw9bt1v.cloudfront.net
United States
172.217.3.67
unknown
United States
151.101.66.133
jssdkcdns.mparticle.com
United States
151.101.194.133
paypal.map.fastly.net
United States
151.101.193.21
paypal-dynamic.map.fastly.net
United States
192.178.50.67
unknown
United States
1.1.1.1
unknown
Australia
23.37.16.196
unknown
United States
142.250.217.206
unknown
United States
151.101.1.21
unknown
United States
108.177.11.84
unknown
United States
52.84.150.58
unknown
United States
52.84.150.34
account.venmo.com
United States
142.250.64.196
www.google.com
United States
142.250.217.174
unknown
United States
151.101.129.21
unknown
United States
239.255.255.250
unknown
Reserved
184.84.136.157
unknown
United States
There are 18 hidden IPs, click here to show them.