IP · Medium · Signal 0/100
15.197.148.33
Location: Montreal, Quebec
ASN: AS16509, AWS Global Accelerator (GLOBAL)
First Seen: Mar 4, 2025
Last Seen: Jun 14, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags
Network Information
Country: United States
Region: Montreal, Quebec
ASN: AS16509
Organization: AWS Global Accelerator (GLOBAL)
Feed Intelligence Summary
Source reports: 6
Confidence score: 0%
Category tags: network, proxy, researched
Activity Timeline: Jun 14
Threat Activity Heatmap (peak: 2026-06-14)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 6
First seen: Mar 4, 2025
Last seen: Jun 14, 2026
Geolocation: US
Country: United States
Location: Montreal, Quebec
ASN: AS16509
Org: AWS Global Accelerator (GLOBAL)
Coords: 47.6275, -122.3462
VirusTotal: Not checked
WHOIS
- raw
NetRange: 15.196.0.0 - 15.200.255.255
CIDR: 15.196.0.0/14, 15.200.0.0/16
NetName: AT-88-Z
NetHandle: NET-15-196-0-0-1
Parent: NET15 (NET-15-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2021-01-28
Updated: 2022-04-26
Ref: https://rdap.arin.net/registry/ip/15.196.0.0

OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AT-88-Z

OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN

OrgRoutingHandle: ARMP-ARIN
OrgRoutingName: AWS RPKI Management POC
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
- references
chs-upload.get.html.ftl, chs-upload.get.js, uamytasks.config.get.js, chsStudentView.get.js, chsStudentView.get.html.ftl, foModel.xml, uofaDocTypes.xml, uofaDocTypes.json, foModel.json, tim-sops, FandO, cbsr, nanofab, support-documentation, Alfresco.zip - 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075, https://www.virustotal.com/graph/embed/g05f1796a358b458d95751d31d1d529aa378f8ffadf0b4305b7fa0bd1c64fe228?theme=dark, https://www.virustotal.com/gui/collection/63819e07111e9665ba8602777d782527c54f3fad71ef36f977405a004484787c/iocs, https://viz.greynoise.io/analysis/0cd9177e-8328-4355-a2c0-d05704a64c72, components.zip - 2b91fcf852a5f1f57be71a269d82497b37c9f544ebd8f32aaa240e4cde0ffeea, https://www.virustotal.com/graph/embed/g2948a5c332eb4614973872a8243215f6aa1fba79749a48ea92806e9b934db91f?theme=dark, https://viz.greynoise.io/ip/analysis/2610b635-c05a-4f28-a112-7278de8fdf9b, http://fakejuko.site40/, pegacloud.net, IDS: Hiloti Style GET to PHP with invalid terse MSIE headers, IDS: Win32/Ibashade CnC Beacon, IDS: Win32.Scar.hhrw POST, IDS: Trojan.Win32.Cosmu.cdqg Checkin, IDS: OnionDuke CnC Beacon 1, IDS: Observed Suspicious UA (Mozilla/5.0), IDS: Data POST to an image file (jpg), cwt-cwtcxp1-dt1.pegacloud.net • fortrea-prod1.pegacloud.net • ssl-ssldmp-dt1-sftp.pegacloud.net • 13.40.20.221 • 44.215.155.206 • 44.226.180.214, https://www.virustotal.com/graph/gf0bda84fe402485489e0c55ae3d7bf4db19a6eeb799844209981379272897831, Payment - Ref Id- H3426584.doc FileHash SHA256 ed2914efddb8e8f4c89abf95faa32572d35b3cfdfb202266993f6e7624a2048c, The sandbox Zenbox flags this file as: EVADER, The sandbox Dr.Web vxCube flags this file as: MALWARE EXPLOIT, IDS: Matches rule SURICATA STREAM Packet with invalid ack, IDS: Matches rule SURICATA STREAM SHUTDOWN RST invalid ack, YARA: Office_Document_with_VBA_Project from ruleset Office_Document_with_VBA_Project by InQuest Labs, YARA: Microsoft_Office_Documents_Excessive_Variables from ruleset 
Microsoft_Office_Documents_Excessive_Variables by InQuest Labs, Dr. Web known infection source, Emotet download site = dirt search.org / aws.dev and other related DGA’s (active), Xcitium Verdict Cloud government & legal - https://www.dirtsearch.org/data/TSARA/BRASHEARS/, DirtSearch.org | BitDefender business | Forcepoint ThreatSeeker reference materials | Xcitium Verdict Cloud government & legal, Verdict: Defense Law Firm | malicious tools / agitators, https://www.virustotal.com/gui/collection/789999053bd7022e2d79a887a5f959be573ce57d6c4f3165503438fbd5dd9ad5/graph, https://otx.alienvault.com/indicator/domain/stcigroup.com, https://www.virustotal.com/graph/g4f9f6f8718d6485695cbdd12577464f4db1d2af04cfc44e8aa0679860c728339, https://www.virustotal.com/graph/ga30c6413c45144b1a221e1aff89d0409388da1a555bc4109bbc3d1391bcab10f, https://www.virustotal.com/graph/embed/gbd9dc992da5f49728d22429d5552c000303449923a744f018453892e1abeca74?theme=dark, https://www.virustotal.com/gui/collection/20bf6b326e46f6ae2b4794efdc3b1ce1a979b89f98fd2fc95d06361aa2efc4e4, https://www.virustotal.com/gui/collection/20bf6b326e46f6ae2b4794efdc3b1ce1a979b89f98fd2fc95d06361aa2efc4e4/iocs, https://www.virustotal.com/gui/collection/20bf6b326e46f6ae2b4794efdc3b1ce1a979b89f98fd2fc95d06361aa2efc4e4/summary, https://www.virustotal.com/gui/collection/20bf6b326e46f6ae2b4794efdc3b1ce1a979b89f98fd2fc95d06361aa2efc4e4/graph, https://dnstwist.it/#7c697f80-c2c3-43a2-85c0-05ed178bb050, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc90a0b888d183249be, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab26651916f9ecabe7f213, https://www.filescan.io/uploads/68197948d95f3e34e9615af0/reports/7b5b7977-b6ee-49c0-af35-1ee866e64e4e/ioc, https://www.hybrid-analysis.com/sample/cc2438f2ce5688ebea0b6fc1d556d44e0384ba1651dee3c30fc5ed4c595a40b6/6819791dee8ee1fe7b07b5d4, https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader, 
https://www.virustotal.com/graph/gd609cff1ee614ce2b422709e4c2752d2b8309743e38e45a0a1a0fe104ab4149e, https://www.virustotal.com/graph/embed/gd7c52fa412654cc5b239a064a9891ffeba51cfdfcfa84bf291f2745751c6a686?theme=dark, https://www.virustotal.com/gui/collection/86de79c78794e2b83f5410218f1d7231b0e5acd7bd4f124186ed72d0817d6405, https://www.virustotal.com/gui/collection/d176151d51c4e95353544d4c6540cdfdc49d324b47fd3eb532cbe30bcaa46792, https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6/68093fa41e226b739d0d401b, https://www.hybrid-analysis.com/sample/05af1781c1b97b7fff85d8eab5072f1fe4e6a7f6bc754c35d1d527f7ef3005c6, https://www.filescan.io/uploads/68093f78218c4a98adde3f92/reports/7e5be6b9-0d5e-4a3b-bb19-4f72974b4207/overview, https://www.tiktok.com/@jeffersonultra/video/7404142059327687942?is_from_webapp=1&sender_device=pc&web_id=7408601050825868806, https://www.tiktok.com/@jeffersonultra/video/7401970649561894150, Https://BiosVir.us, Https://BluetoothVirus.com, https://www.virustotal.com/gui/collection/f3bb0fe192a7a669edd061, https://www.virustotal.com/graph/embed/g1313cfcd67d34e9c8d8438d6, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, All - EnterpriseAppsList.csv, AppRegistrationList.csv, https://tria.ge/240517-vc7c1shc62/behavioral1, https://tria.ge/240517-vdwb5shc71/behavioral1, https://tria.ge/240517-vqxezaaa33/behavioral1, https://tria.ge/240517-t9pc2ahb2t, https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph, 
https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary, https://www.filescan.io/uploads/66479b483313f70f0afe3dbb, https://www.filescan.io/uploads/664799c9d5c40bffee6106d7, Thor Scan: S-I9VvMTB6cZU, https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview, https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview, https://imp0rtp3.wordpress.com/2021/08/12/tetris/, https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview, https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview, https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview, https://tria.ge/240521-q4s79agb25/static1, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093, https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview, https://www.filescan.io/uploads/666d69ff6b8dba248b414767, https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3, https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b, Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a, 
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2, https://www.hudsonrock.com/search?domain=ualberta.ca, https://www.criminalip.io/domain/report?scan_id=13798622, https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24, https://urlscan.io/search/#ualberta.ca, https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs, https://sitereport.netcraft.com/?url=http://ualberta.ca, https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/, https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll, https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark, https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22, https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22, https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22, https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List, savethemalesdenver.com » https://www.uchealthcares.org | myuchealth.net | 168.200.5.63 | http://ITSupport.uchealth.org, bestofus.org Location: United States of America ASN AS18693 university of colorado hospital, https://floorgoddijn.nl/3798393-dad-dont-my-image-hole-fuck-ass.html, https://hypnosen.fr/4306769-women-xxvideos-matured-village-african-scene-wapdam.html, https://kayleighvandalen.nl/8455490-up-hot-bottoms-xxxonxxx-pics-galleries.html, https://maisonduweb3.fr/6014324-porn-you-ebony-pics-black-xxx.html, https://mtl-plomberie.fr/1210582-sperm-release-can-pictures-that-naija.html, https://mtl-plomberie.fr/2536532-ሀበሻ-video-xxx.html, FileHash-SHA256 
cc0f195fe54b9981b1ea3815e44b85a0fb3571be732bd5b4034f57690436f4c4, Yara Detections: Mirai_Botnet_Malware Alerts: dead_host network_icmp nolookup_communication, Domains Contacted: ntp.ubuntu.com, IP’s Contacted: 1.0.128.143 1.10.54.226 1.107.217.150 1.112.34.224 1.114.165.87 1.116.76.208 1.118.37.88 1.121.139.226 1.122.96.75 1.114.207.168, device-290db215-637a-441f-b5f4-81bf8bd75ae5.remotewd.com, Trojan:Win32/Zombie.A FileHash-SHA256 ff43920cf098063475b4c62cd63e550fb783e3be1cf7458688b5c1d2d94c6830, Yara Detections: Nrv2x , upx_3 , UPX_OEP_place , UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser ,, Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser , UPXv20MarkusLaszloReiser , UPX, cpe-1-159-170-17.wb05.wa.asp.telstra.net, ELF:Mirai-BZ\ [Trj] » device-290db215-637a-441f-b5f4-81bf8bd75ae5.remotewd.com | 1.159.170.17 | Perth, Australia ASN AS1221 telstra corporation, ELF:Mirai-BZ\ [Trj] cc0f195fe54b9981b1ea3815e44b85a0fb3571be732bd5b4034f57690436f4c4 | Australia ASN AS1221 telstra corporation, Backdoor:Linux/Mirai.B FileHash-SHA1 5df4c3322a68750c6b0c931e8ebebaa60c0a0555, Yara Detections: Mirai_Botnet_Malware , MAL_ELF_LNX_Mirai_Oct10_2 , SUSP_XORed_Mozilla , is__elf, 198.49.6.6 » Loveland, United States of America ASN AS25825 poudre valley health care inc., http://www.northpoleroute.com/78985064&type=0&resid=5312625, espysite.azurewebsites.net - https://otx.alienvault.com/indicator/hostname/espysite.azurewebsites.net, TrojanSpy:Win32/Nivdort.CW: FileHash-SHA256 251150379b9a0ff230899777f0952d3833a88c1a2d6a0101ea13bdd91a9550fe, TrojanSpy:Win32/Nivdort.CW: FileHash-SHA256 aa289c89f2cdbfe896f4c77c611d94aa95858797014b57e24d5fe2bb0997d7b0, Ransom:Win32/Haperlock.A: FileHash-MD5 46480bf46cde2b3e79852661cc5c36fc, Ransom:Win32/Haperlock.A: FileHash-SHA1 c881d1434164b35fb16107a25f84995b7fdef37f, Ransom:Win32/Haperlock.A; FileHash-SHA256 8264c73f129d4895573c2375ea4e4636b9d5df66852ce72ccc20d31a96ae7df1, IDS Detections: W32/Bayrob Attempted Checkin 2 Terse HTTP 1.0 
Request Possible Nivdort W32/Bayrob Attempted Checkin, IDS Detections: Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz, Alerts: cape_detected_threat cape_extracted_content, https://otx.alienvault.com/indicator/file/251150379b9a0ff230899777f0952d3833a88c1a2d6a0101ea13bdd91a9550fe, https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing], "Windows SMB Information Disclosure Vulnerability." - https://otx.alienvault.com/indicator/cve/CVE-2017-0147, Backdoor:Win32/Fynloski.A: FileHash-SHA256 4e692806955f9ee3f4c7a5d9a1ac7729eb53b855b39e6f9f943f89ccba30bd49, Backdoor:Win32/Fynloski.A: FileHash-SHA 453355033bb7977831ca87cc90156b594f13b2ee, Backdoor:Win32/Fynloski.A: FileHash-MD5 c3113684e8f8aa6d1b1b67d59141e845, TrojanClicker:Win32/Ellell.A: FileHash-SHA256 7456108771e6a8bac658276c1cb9e18c8c348fdd9cd3538419751c3b5ef3ac02, TrojanClicker:Win32/Ellell.A: FileHash-SHA1 7a52b57df5b3c67f810a71dc39ff93688b141534, TrojanClicker:Win32/Ellell.A: 4d3e7d486ec5918d91e54e51c4d07dc6, PWS:Win32/Ymacco.AA50: FileHash-SHA256 105834163b1a0c89e12917a3145e14be6030a611e07f7f62fa7c57de838d6251, PWS:Win32/Ymacco.AA50: FileHash-SHA1 57486d33246bce6dfedb0836cd97c9acd4a4a39a, PWS:Win32/Ymacco.AA50: FileHash-MD5 5739cd62eb88e2a7e514784fe7cf5ca4, https://otx.alienvault.com/indicator/ip/162.222.213.199, TrojanDownloader:Win32/PurityScan.MI!MTB: FileHash-SHA1 58ba8715a88d883537ba8d0e20eea2a4d9269cad, Ransom:Win32/Tescrypt: FileHash-SHA256 916e13eb1e4313b2a04a2ae21b4955b8228183b26709a64284098ca759a8f437, PWS:Win32/QQpass.B!MTB: FileHash-SHA256 71fa9257f88c15b438616662dc468327199edb570286c7259d333953006b8eec, PWS:Win32/QQpass.B!MTB: FileHash-SHA1 fec703ee7c02ffe35c6b987bb9aac3a765e95dfb, PWS:Win32/QQpass.B!MTB: FileHash-MD5 f7c36b4e5b4b09dc369163377aade2d7, Trojan:Win32/Zombie.A: FileHash-SHA256 0b87667251b79cb800ddd88bdabecea8e13248c426d4a14ae0aae0ef5783f943, Trojan:Win32/Zombie.A: FileHash-SHA1 
de974c697f0401d681e1bb3c8694a663e9e43d8f, Trojan:Win32/Zombie.A: FileHash-MD5 34e85820b41c14e07dd564f22997e893, Win.Virus.TeslaCrypt3-2: 78af1fd5be62ab829e49f9a1b5fbb8a9b30f8d0804cba5805c8f350b841d522e, IDS Detections : W32/Bayrob Attempted Checkin 2 CryptoWall Check-in AlphaCrypt CnC Beacon 4 Trojan-Ransom.Win32.Blocker.avsx, IDS Detections : AlphaCrypt CnC Beacon 3 MalDoc Request for Payload Aug 17 2016 Koobface W32/Bayrob Attempted Checkin, IDS Detections : Suspicious Accept in HTTP POST - Possible Alphacrypt/TeslaCrypt Alphacrypt/TeslaCrypt Ransomware CnC Beacon, https://otx.alienvault.com/indicator/ip/185.230.63.186, CnC IP's: 192.187.111.221 63.141.242.43 63.141.242.44 63.141.242.46 81.17.18.195 81.17.18.197 81.17.29.146 81.17.29.148, http://islamicsoftwares.com/downloads/iphone/audioCont/2/107.tar.gz http://islamicsoftwares.com/downloads/iphone/audioCont/7/110.tar.gz, smartphonesonline.co.uk https://smartphonesonline.co.uk/ https://www.smartphonesonline.co.uk/ [192.187.111.222. US - Request HTTP -Target IP], Mercenary Attackers / Cellebrite branded as: http://teacellertea.com/Pegasus/ NSO, https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635, https://otx.alienvault.com/indicator/file/0002f7cbc10cfea832f117d66dea2d33e6ca1d5cea57d9af0784255e0112d658, https://otx.alienvault.com/indicator/ip/63.141.242.45, Yara Detections: is__elf , xorddos , LinuxXorDDoS_VariantTwo, Antivirus Detections: ELF:Xorddos-AE\ [Trj] , Unix.Trojan.Xorddos-1 ,, Trojan:Linux/Xorddos: FileHash-MD5 3b4ce1333614cd21c109054630e959b9, Trojan:Linux/Xorddos: FileHash-SHA1 a5780498e6fce5933a7e7bf59a6fa5742e97f559, Trojan:Linux/Xorddos: FileHash-SHA256 0002f7cbc10cfea832f117d66dea2d33e6ca1d5cea57d9af0784255e0112d658, https://hallrender.com/attorney/brian-sabey, Andariel Backdoor Activity (Checkin), IDS: WGET Command Specifying Output in HTTP Headers, IDS: D-Link Devices Home Network Administration Protocol Command Execution, 
Trojan.NukeSped./TigerRat | Trojan[APT]/Win32.Lazarus | Cited: Andariel group » state-sponsored threat actor & Defense media, Mr. Telephone man. there js something wrong with her line when she tries to dial a number, she gets a freak every time..., Stranger Things | http://hopto.org/colocrossing/192.3.13.56/telco, Antivirus Detections: Other:Malware-gen\ [Trj], Yara Detections: UPXProtectorv10x2 , UPX Alerts dead_host network_icmp nolookup_communication, Antivirus Detections: Other:Malware-gen\ [Trj] , Win.Trojan.Emotet-9951800-0, Yara Detections: osx_GoLang, .trino-11062202-1d32.stress-11061903-3b4c.westus2.projecthilo.net projecthilo.net, 0-courier.push.apple.com | https://apple-accouut.sytes.net/ | appupdate-logapple.ddnsking.com | appleidi-iforgot.3utilities.com, http://appleidi-iforgot.3utilities.com/ | https://appupdate-logapple.ddnsking.com/?reset | http://appleidi-iforgot.3utilities.com/Upload-Identity.php |, http://appleidi-iforgot.3utilities.com/Verify.php, device-ccf717a6-ed4f-4771-abfa-ccaafbfb6526.remotewd.com | device-local-359704df-0b29-4ae8-bbc5-f48b0a4de73c.remotewd.com | remotedev.org | dan.remotedev.org, 152.199.171.19 : USDA Fort Collins, Colorado, Swipper: [email protected] | [email protected], 152.199.161.19: ANS Communications, Inc (ANS), OrgTechHandle: SWIPP-ARIN OrgTechName: swipper OrgTechPhone: +1-800-900-0241 OrgTechEmail: [email protected], http://bat.bing.com/bat.js | bounceme.net | bounceme.net | hopto.org | hopto.org |,serveblog.net | serveblog.net, https://otx.alienvault.com/otxapi/indicators/url/screenshot/http://hopto.org/colocrossing/192.3.13.56/telco, Emotet: FileHash-SHA256 9c9459e9a5f0102c034ec013b9d801d38ed474bcd73b7aeded931e5c2a4f75cc, Win.Virus.PolyRansom-5704625-0: FileHash-SHA256 f46de5d0c5dd13f5de6114372542efd1ea048e14f051b64b34c33e96c175cb09, Other:Malware-gen\ [Trj: FileHash-SHA256 4ef29fd29fd95990a36379ad7a4320f04da64e7ec63546e047e2491e533c71a3, Injection Source: 
www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process, Injection Source: http://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process, Injection Source: https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process, Project Endgame - pegausintel.com -Unsjre if related to NSO Group, Antivirus Detections: ALF:HeraklezEval:Rogue:Win32/FakeRean, Yara Detections: compromised_site_redirector_fromcharcode , Cabinet_Archive , SFX_CAB, Alerts: infostealer_cookies persistence_autorun recon_programs recon_fingerprint removes_zoneid_ads anomalous_deletefile, P’s Contacted: 93.184.221.240 3.33.130.190 | Domains Contacted: counterslocal.com, compromised_site_redirector_fromcharcode fromCharCode, Interesting Strings: http://www.interoperabilitybridges.com/wmp http://crbug.com/40902 http://crbug.com/516527, Interesting Strings: http://service.real.com/realplayer/security/02062012_player/en/, Interesting Strings: https://support.google.com/chrome/?p=plugin_pdf, https://support.google.com/chrome/?p=plugin_quicktime https://chrome.google.com/, Interesting Strings: http://schema.org/GovernmentOrganization https://support.google.com/chrome/?p=plugin_java https://crbug.com/593166, Pdf.Phishing.TtraffRobotInstall-7605656-0 00004feb58be42ba1bd506ea89f90c5e1d83e6e1fb84841931949a454b0bb539, Antivirus Detections Cryp_Xed-12 , Mal/Generic-S , Packed/Upack Yara Detections Upackv039finalDwing , UpackV037Dwing, https://pin.it/ | https://www.anyxxxtube.net/search-porn/tsara-brashears/, https://www.anyxxxtube.net/search-porn/tsara-brashears/, Telegram | Indicator: Query for .su TLD (Soviet Union) Often Malware Related PE EXE or DLL Windows file download HTTP, Telegram - https://t.me/login/***** | fFileHash-SHA256 cecaa6014e0cdc41ead0b076169175c9342a2ccc4b3e48549f88ea87ba8c034, Alerts: injection_inter_process 
creates_largekey network_bind persistence_autorun persistence_autorun_tasks, Alerts: spawns_dev_util cape_detected_threat injection_process_hollowing antivm_generic_services, Alerts: deletes_executed_files injection_runpe persistence_ads suspicious_command_tools anomalous_deletefile antisandbox_sleep dead_connect dynamic_function_loading resumethread_remote_process powershell_download powershell_request, *WEBSITE.WS Your Internet Address For Life, Telegram | IP 66.235.200.146 | Indicator Possible recent Mirai infection, Datacenter / Hosting / VPS Reverse DNS host77.ipowerweb.com Location United States, IDS Detections: W32/Zbot.Variant Fake MSIE 6.0 UA FormBook CnC Checkin (GET) FormBook CnC Checkin (GET) FormBook CnC Checkin (GET), User-Agent (Mozilla) - Possible Spyware Related WinHttpRequest Downloading EXE Likely Evil EXE download from WinHttpRequest non-exe extension, ASN AS13335 cloudflare DNS Resolutions, 0.0.0.0 log4shell-generic-z8lrtjkgkm4zhi6necwi.r.nessus.org, IDS: Query for .su TLD (Soviet Union) Often Malware Related PE EXE or DLL Windows file download HTTP | Not Russia - Americans Masquerading, federallegionconnbot.t.me, thevipporn.com porn25.com lowendporn.com pz7.iqg29.cn, pegasusintel.com, appleid-support.com apple-access.com appleid-support.com demo171.apple.com apple.k8s.joewa.com w-t-blu-371ac852.cloudapp.net, log4shell-generic-ammqgekxvatp3a2qyw71ten.r.nessus.org play.google.com demo171.apple.com apps.apple.com, Alleged CSAM Alleged Phishing Alleged PIIExposure, https://t.me/login/36861 = GET /login/36861 | Server: nginx/1.18.0, https://www.virustotal.com/graph/embed/g9ce2c9fcce4e40cd86c9dad48fafd8a4b2295f789a8c47c5bab33543389ec78d?theme=dark, https://www.virustotal.com/gui/collection/73bb2abd79733bc142df5a8f1d501741b63d79459a3ba76f987dd79515fd9e51/summary, https://www.virustotal.com/gui/collection/73bb2abd79733bc142df5a8f1d501741b63d79459a3ba76f987dd79515fd9e51/iocs, 
https://www.virustotal.com/gui/collection/73bb2abd79733bc142df5a8f1d501741b63d79459a3ba76f987dd79515fd9e51/graph, https://tria.ge/240802-w2gz4azcpc/behavioral1, https://www.virustotal.com/graph/embed/g731708921ce14aa8bbffb548afa0d3485ede2d0513b24395a238c28c12bf540b?theme=dark, https://dnstwist.it/#d4ef489c-8d0c-4b09-81da-1ec3a95a9687, https://www.amii.ca/about/, TrojanSpy:Win32/Nivdort.DE, ALF:HeraklezEval:TrojanDownloader:Win32/Unruy!rfn: FileHash-SHA256 00018d13f451300fb839123dfbf2d8607da0e7b1c89ae1bfbb9946ac79c1663c, IDS Detections: Win32/Unruy Rogue Search Host Observed 1, Yara Detections: Nrv2x , UPX_OEP_place , UPX_Modified_Or_Inside , UPX20030XMarkusOberhumerLaszloMolnarJohnReiser, Yara Detections: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser , UPXv20MarkusLaszloReiser, Alerts: nids_malware_alert network_icmp persistence_autorun, https://www.virustotal.com/graph/embed/gf794b7e0cba442578197356822e0457b8d920ff9ea32461e85ddb716b3c771cf?theme=dark, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/iocs, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/graph, https://www.virustotal.com/gui/collection/0b3c0a84782018d8bafc47ebd40c4eaf993f40ca3de61aa98eb15302a7a80b04/summary, https://asnlookup.com/asn/AS852/, https://viz.greynoise.io/analysis/7a369df9-bcbf-4540-ad0f-6d52c0c55cdb, https://www.virustotal.com/graph/embed/gbe89575feac440f0b831e98562c12d0534475b1006e54221acffc624919deef7?theme=dark, https://urlscan.io/search/#page.asn%3AAS852, https://viz.greynoise.io/analysis/8be38b3f-73d9-4f4c-bb64-508ee329596e, https://dnschecker.org/asn-whois-lookup.php?query=AS852, https://mxtoolbox.com/SuperTool.aspx?action=asn%3aAS852&run=toolpage, https://viz.greynoise.io/query/AS852, https://viz.greynoise.io/query/AS852%20classification:%22malicious%22, https://ipinfo.io, https://viz.greynoise.io/analysis/1ba1e524-0d96-4cc6-9426-d01abbe75443, 
https://bgp.tools/as/852, https://www.ipvoid.com/whois/, https://urlscan.io/search/#asn%3A%22AS852%22, https://dnschecker.org/asn-whois-lookup.php?query=852, https://leakix.net/search?scope=leak&q=telus.com, http://ci-www.threatcrowd.org/domain.php?domain=telus.com, https://intelx.io/?s=telus.com, https://whiteintel.io/, https://inteltechniques.com/tools/Domain.html, https://informationlaundromat.com/content-search, https://urlhaus.abuse.ch/asn/852, https://bgp.he.net/AS852#_prefixes, https://dnstwist.it/#9966d7b4-2d66-4349-9129-21d2adc26c89, https://urlscan.io/search/#asn:%22AS852%22, 08.05.24 - https://viz.greynoise.io/query/AS852, https://urlscan.io/asn/AS852, https://www.telus.com/en/ab/outages?INTCMP=contactus_outage_AB_V2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/66b3cdc9971b263122bd14db, Antivirus Detections: Win.Ransomware.Cryakl-7691592-0 Alerts injection_inter_process injection_create_remote_thread cape_detected_threat injection_process_hollowing, IDS Detections: CryptoWall Check-in TLS Handshake Failure, Yara Detections: EnigmaProtector , WinRAR_SFX , xor_0x1f_This_program, Alerts: injection_inter_process injection_create_remote_thread cape_detected_threat injection_process_hollowing, CS Sigma: Matches rule CurrentVersion Autorun Keys Modification by Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), CS Sigma Rules: Matches rule Uncommon Svchost Parent Process by Florian Roth (Nextron Systems), CS Sigma Rules: Matches rule Windows Processes Suspicious Parent Directory by vburov, Privilege Escalation TA0004 Process Injection T1055 Early bird code injection technique detected, ∅ The sandbox C2AE flags this file as: RANSOM | Matches rule MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection, ∅ System process connects to network (likely due to code injection) ∅ Injects a PE file into a foreign processes, ∅ Maps a DLL or memory area into another process ∅ Queues an 
IOC Journey
medium · First detected 1 year ago · Last seen 10 days ago
Appeared in 6 threat reports