IOC Report
https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm


Files


Processes

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Malicious: (not flagged)

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2012,i,8703808691657293338,11271876919328152257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Malicious: (not flagged)

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm"
Malicious: (not flagged)

URLs


Domains


IPs


DOM / HTML
