IOC Report
https://anz.pfm.law/go/xmKDa5CjvX27AwGjR5C3/


Files

File Path | Type | Category | Malicious
Chrome Cache Entry: 100 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 101 | JSON data | downloaded |
Chrome Cache Entry: 102 | ASCII text, with very long lines (854) | dropped |
Chrome Cache Entry: 103 | Web Open Font Format (Version 2), TrueType, length 37828, version 1.0 | downloaded |
Chrome Cache Entry: 104 | ASCII text, with very long lines (1004) | downloaded |
Chrome Cache Entry: 105 | ASCII text, with very long lines (554) | downloaded |
Chrome Cache Entry: 106 | ASCII text, with very long lines (1572) | downloaded |
Chrome Cache Entry: 107 | ASCII text, with very long lines (554) | dropped |
Chrome Cache Entry: 108 | ASCII text, with very long lines (65245) | dropped |
Chrome Cache Entry: 109 | ASCII text, with very long lines (945) | downloaded |
Chrome Cache Entry: 110 | ASCII text, with very long lines (65326) | downloaded |
Chrome Cache Entry: 111 | ASCII text, with very long lines (1004) | dropped |
Chrome Cache Entry: 112 | ASCII text, with very long lines (945) | dropped |
Chrome Cache Entry: 113 | ASCII text, with very long lines (65245) | downloaded |
Chrome Cache Entry: 69 | ASCII text, with very long lines (62161) | downloaded |
Chrome Cache Entry: 70 | ASCII text, with very long lines (10643) | dropped |
Chrome Cache Entry: 71 | ASCII text | downloaded |
Chrome Cache Entry: 72 | MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel | dropped |
Chrome Cache Entry: 73 | ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 74 | ASCII text, with very long lines (10635) | downloaded |
Chrome Cache Entry: 75 | ASCII text, with very long lines (1750), with no line terminators | dropped |
Chrome Cache Entry: 76 | ASCII text, with very long lines (10696) | dropped |
Chrome Cache Entry: 77 | MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel | downloaded |
Chrome Cache Entry: 78 | ASCII text, with very long lines (854) | downloaded |
Chrome Cache Entry: 79 | ASCII text, with very long lines (10635) | dropped |
Chrome Cache Entry: 80 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 81 | JSON data | dropped |
Chrome Cache Entry: 82 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 83 | ASCII text, with very long lines (62161) | dropped |
Chrome Cache Entry: 84 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 85 | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 86 | ASCII text | downloaded |
Chrome Cache Entry: 87 | Java source, ASCII text | dropped |
Chrome Cache Entry: 88 | ASCII text, with very long lines (10643) | downloaded |
Chrome Cache Entry: 89 | ASCII text, with very long lines (52269), with CRLF line terminators | downloaded |
Chrome Cache Entry: 90 | ASCII text, with very long lines (1750), with no line terminators | downloaded |
Chrome Cache Entry: 91 | JSON data | downloaded |
Chrome Cache Entry: 92 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 93 | ASCII text, with very long lines (545) | downloaded |
Chrome Cache Entry: 94 | ASCII text | downloaded |
Chrome Cache Entry: 95 | ASCII text, with very long lines (10696) | downloaded |
Chrome Cache Entry: 96 | ASCII text, with very long lines (545) | dropped |
Chrome Cache Entry: 97 | Java source, ASCII text | downloaded |
Chrome Cache Entry: 98 | ASCII text | downloaded |
Chrome Cache Entry: 99 | JSON data | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2200,i,2661925225389726080,10877470526721508930,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://anz.pfm.law/go/xmKDa5CjvX27AwGjR5C3/" |

URLs


Domains

Name | IP | Malicious
anz.pfm.law | unknown | malicious
jsdelivr.map.fastly.net | 151.101.65.229 |
d1aqjsl8x3ggu4.cloudfront.net | 108.158.75.57 |
www.recaptcha.net | 172.217.19.227 |
d3jw5edstn5jte.cloudfront.net | 13.227.8.109 |
www.google.com | 172.217.21.36 |
cases.au.casefunnel.io | unknown |
cdn.jsdelivr.net | unknown |

IPs

IP | Domain | Country | Malicious
151.101.1.229 | unknown | United States |
172.217.19.227 | www.recaptcha.net | United States |
151.101.65.229 | jsdelivr.map.fastly.net | United States |
192.168.2.4 | unknown | unknown |
108.158.75.57 | d1aqjsl8x3ggu4.cloudfront.net | United States |
239.255.255.250 | unknown | Reserved |
13.227.8.67 | unknown | United States |
172.217.21.36 | www.google.com | United States |
13.227.8.109 | d3jw5edstn5jte.cloudfront.net | United States |

DOM / HTML

URL | Malicious
https://anz.pfm.law/go/xmKDa5CjvX27AwGjR5C3/ |