IOC Report
http://confirm-id2719.click/


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `C:\ProgramData\Microsoft\Network\Downloader\edb.log` | data | dropped | |
| `C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm` | data | dropped | |
| `C:\Users\user\AppData\Local\BIT8664.tmp` | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ll5lr3gm.1yt.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Tempy.ps1` (copy) | ASCII text, with very long lines (65536), with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms` (copy) | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZVZKQI59UD2WCTU4EBTX.temp` | data | dropped | |
| Chrome Cache Entry: 104 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 107 | gzip compressed data, max compression, from Unix, original size modulo 2^32 87533 | downloaded | |
| Chrome Cache Entry: 108 | gzip compressed data, max speed, from Unix, original size modulo 2^32 207 | downloaded | |
| Chrome Cache Entry: 109 | gzip compressed data, max speed, from Unix, original size modulo 2^32 118085 | downloaded | |
| Chrome Cache Entry: 116 | gzip compressed data, max compression, truncated | downloaded | |
| Chrome Cache Entry: 123 | HTML document, ASCII text | dropped | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://confirm-id2719.click/ | | malicious |
| https://confirm-id2719.click/Reservation_files/protect.svg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/no.png | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/137927810.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/antifraud | 185.208.158.75 | |
| https://confirm-id2719.click/static/manage_light.v14b6812v.css | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/318586996.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/438648711.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/b_logo_blue.png | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/166939781.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/static/favicon.svg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/319302651.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/ | | |
| https://confirm-id2719.click/static/core_6136b7d7dc3346df1f4c9b379c38fa52.css | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/625bf8aec1510ce62b414074752052f184a60801.svg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/319302672.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/stuk/click | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/1df260bd9a2d14e1601c8c9ff1714c05acf328f8.svg | 185.208.158.75 | |
| https://confirm-id2719.click/Reservation_files/333642474.jpg | 185.208.158.75 | |
| https://confirm-id2719.click/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 185.208.158.75 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| files.catbox.moe | 108.181.20.43 | |
| bstatic.com | 18.238.132.113 | |
| code.jquery.com | 151.101.2.137 | |
| partner.booking.com | 18.161.134.29 | |
| www.google.com | 142.250.114.99 | |
| confirm-id2719.click | 185.208.158.75 | |
| e10776.b.akamaiedge.net | 23.204.148.244 | |
| cdn.cookielaw.org | 104.18.87.42 | |
| try-cloudfront.abtasty.com | 108.156.224.37 | |
| try.abtasty.com | unknown | |
| munchkin.marketo.net | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 185.208.158.75 | confirm-id2719.click | Switzerland | |
| 104.18.87.42 | cdn.cookielaw.org | United States | |
| 1.1.1.1 | unknown | Australia | |
| 142.250.114.102 | unknown | United States | |
| 18.238.132.113 | bstatic.com | United States | |
| 142.250.114.99 | www.google.com | United States | |
| 142.251.116.113 | unknown | United States | |
| 23.204.148.244 | e10776.b.akamaiedge.net | United States | |
| 142.250.138.94 | unknown | United States | |
| 108.181.20.43 | files.catbox.moe | Canada | |
| 142.250.115.94 | unknown | United States | |
| 142.250.113.84 | unknown | United States | |
| 192.168.2.18 | unknown | unknown | |
| 142.250.114.95 | unknown | United States | |
| 142.251.116.94 | unknown | United States | |
| 18.161.134.29 | partner.booking.com | United States | |
| 173.194.208.113 | unknown | United States | |
| 151.101.2.137 | code.jquery.com | United States | |
| 108.156.224.37 | try-cloudfront.abtasty.com | United States | |
| 142.250.113.138 | unknown | United States | |
| 104.69.85.120 | unknown | United States | |
| 127.0.0.1 | unknown | unknown | |