Edit tour

Windows Analysis Report
https://planninggreenfutures.co.uk/noil/

Overview

General Information

Sample URL:	https://planninggreenfutures.co.uk/noil/
Analysis ID:	1665814
Infos:

Detection

Score:	20
Range:	0 - 100
Confidence:	80%

Signatures

AI detected suspicious Javascript

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,14331022784213342634,139238066655825086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://planninggreenfutures.co.uk/noil/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://planninggreenfutures.co.uk/noil/... This script demonstrates several high-risk behaviors:1. Dynamic code execution using `eval()` and `decodeURIComponent()` to execute obfuscated code.2. Data exfiltration by setting a cookie with sensitive information and potentially submitting form data.3. Obfuscated code and URLs, making it difficult to analyze the script's true purpose.The script also attempts to detect various browser automation tools, which could indicate an attempt to bypass security measures. Overall, this script exhibits a high level of malicious intent and should be considered a significant security risk.

Source: https://planninggreenfutures.co.uk/noil/

HTTP Parser: Base64 decoded: (function(){ var a = function() {try{return !!window.addEventListener} catch(e) {return !1} }, b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)}; b(functi...

Source: https://planninggreenfutures.co.uk/noil/	HTTP Parser: No favicon
Source: https://planninggreenfutures.co.uk/noil/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 74.125.138.147:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49728 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /noil/ HTTP/1.1Host: planninggreenfutures.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: planninggreenfutures.co.ukConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://planninggreenfutures.co.uk/noil/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw
Source: global traffic	HTTP traffic detected: GET /noil/ HTTP/1.1Host: planninggreenfutures.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://planninggreenfutures.co.uk/noil/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw; jmnfUtjDdqBcSIM0lC6CLpFKm2Q=1744745766; R330STMjPDOl6Cd9ISymkYs_nuw=1744832166; DJXqr-x-Qr2IkAQhd7S0YiNVAlE=nR771USBrWlemPVYTuXNwbMCypk
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: planninggreenfutures.co.ukConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://planninggreenfutures.co.uk/noil/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw; jmnfUtjDdqBcSIM0lC6CLpFKm2Q=1744745766; R330STMjPDOl6Cd9ISymkYs_nuw=1744832166; DJXqr-x-Qr2IkAQhd7S0YiNVAlE=nR771USBrWlemPVYTuXNwbMCypk; Tejxf_v6HPnbr1wA6K-c4ka28ng=d2cV0f4sDecz1xLHSfeOhOOBSvI; r-xLG1H1HiUoh7m7c7akYbtc3Bk=1744745767; a-vuaCHlCr2MaR58o4FNbAnhgHs=1744832167; yAfzWXZHJyocGJyXzR87YclZbOI=x0A5DWV1IG8jOukFSHvTiK59gaM
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: planninggreenfutures.co.uk

Source: unknown

HTTP traffic detected: POST /noil/ HTTP/1.1Host: planninggreenfutures.co.ukConnection: keep-aliveContent-Length: 22sec-ch-ua-platform: "Windows"X-Requested-TimeStamp-Combination: JRAJSttIF-9Qmygfn7av7VxL2k: 34292439X-Requested-TimeStamp: sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"X-Requested-Type-Combination: GETsec-ch-ua-mobile: ?0X-Requested-with: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-Requested-Type: GETContent-type: application/x-www-form-urlencodedX-Requested-TimeStamp-Expire: Accept: */*Origin: https://planninggreenfutures.co.ukSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://planninggreenfutures.co.uk/noil/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw

Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Tue, 15 Apr 2025 19:36:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-Xss-Protection: 1; mode=blockX-Xss-Protection: 1; mode=blockX-Frame-Options: SAMEORIGINCache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: 0Cf-Cache-Status: DYNAMICServer: cloudflareSet-Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMTSet-Cookie: CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMTSet-Cookie: Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMTSet-Cookie: NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMTCF-RAY: 930de3c92c816863-NRTalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Tue, 15 Apr 2025 19:36:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-Xss-Protection: 1; mode=blockX-Xss-Protection: 1; mode=blockCache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheX-Frame-Options: SAMEORIGINExpires: 0Cf-Cache-Status: BYPASSSet-Cookie: Tejxf_v6HPnbr1wA6K-c4ka28ng=d2cV0f4sDecz1xLHSfeOhOOBSvI; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMTSet-Cookie: r-xLG1H1HiUoh7m7c7akYbtc3Bk=1744745767; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMTSet-Cookie: a-vuaCHlCr2MaR58o4FNbAnhgHs=1744832167; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMTSet-Cookie: yAfzWXZHJyocGJyXzR87YclZbOI=x0A5DWV1IG8jOukFSHvTiK59gaM; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMTCF-RAY: 930de3d4fd7ce7c2-SYDalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 19:36:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-Xss-Protection: 1; mode=blockX-Xss-Protection: 1; mode=blockCf-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 930de3dba8c5fcbd-NRTalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 19:36:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeServer: cloudflareVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-Xss-Protection: 1; mode=blockX-Xss-Protection: 1; mode=blockCache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutablePragma: publicCf-Cache-Status: MISSCF-RAY: 930de3e90817a93b-SYDalt-svc: h3=":443"; ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 74.125.138.147:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49728 version: TLS 1.2

Source: classification engine

Classification label: sus20.win@21/4@4/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,14331022784213342634,139238066655825086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://planninggreenfutures.co.uk/noil/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,14331022784213342634,139238066655825086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://planninggreenfutures.co.uk/noil/	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://planninggreenfutures.co.uk/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	74.125.138.147	true	false		high
planninggreenfutures.co.uk	104.21.32.1	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://c.pki.goog/r/r4.crl	false		high
https://planninggreenfutures.co.uk/favicon.ico	false	Avira URL Cloud: safe	unknown
https://planninggreenfutures.co.uk/noil/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
74.125.138.147	www.google.com	United States		15169	GOOGLEUS	false
104.21.32.1	planninggreenfutures.co.uk	United States		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665814
Start date and time:	2025-04-15 21:35:00 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://planninggreenfutures.co.uk/noil/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@21/4@4/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.15.94, 172.217.215.113, 172.217.215.138, 172.217.215.139, 172.217.215.102, 172.217.215.101, 172.217.215.100, 108.177.122.100, 108.177.122.102, 108.177.122.138, 108.177.122.113, 108.177.122.139, 108.177.122.101, 64.233.176.84, 74.125.138.102, 74.125.138.138, 74.125.138.100, 74.125.138.113, 74.125.138.101, 74.125.138.139, 172.253.124.100, 172.253.124.139, 172.253.124.138, 172.253.124.113, 172.253.124.101, 172.253.124.102, 64.233.176.138, 64.233.176.139, 64.233.176.100, 64.233.176.113, 64.233.176.101, 64.233.176.102, 74.125.21.102, 74.125.21.139, 74.125.21.138, 74.125.21.113, 74.125.21.101, 74.125.21.100, 23.4.43.62, 199.232.210.172, 64.233.185.113, 64.233.185.100, 64.233.185.138, 64.233.185.102, 64.233.185.139, 64.233.185.101, 142.250.9.102, 142.250.9.101, 142.250.9.138, 142.250.9.100, 142.250.9.113, 142.250.9.139, 74.125.21.94, 64.233.177.101, 64.233.177.138, 64.233.177.100, 64.233.177.102, 64.233.177.139, 64.233.177.113, 23.76.34.6, 204.79.197.222, 4.175.87.19
Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://planninggreenfutures.co.uk/noil/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	320
Entropy (8bit):	5.03433046230283
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKq7n:J0+oxBeRmR9etdzRxGezZfCzjsKtgiz5
MD5:	9682400222EF22EC53C861B45F6B815A
SHA1:	A285541B20F9A285A3C2EB45309020C7793ECB81
SHA-256:	18B4FCEA2EC57CCD4341051EF8945F2085B0F0258C73BD9716F4B8010B8B2804
SHA-512:	5971A09B0A76E414D7DDB985E75B47AC3918823153C0D35DA52A9EE8C2A715C0EB9A8B64F9A0609CB5FB6E8003DD22F750CEF93EAF3C47D788C5039504E2C505
Malicious:	false
Reputation:	low
URL:	https://planninggreenfutures.co.uk/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>. .

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	320
Entropy (8bit):	5.03433046230283
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKq7n:J0+oxBeRmR9etdzRxGezZfCzjsKtgiz5
MD5:	9682400222EF22EC53C861B45F6B815A
SHA1:	A285541B20F9A285A3C2EB45309020C7793ECB81
SHA-256:	18B4FCEA2EC57CCD4341051EF8945F2085B0F0258C73BD9716F4B8010B8B2804
SHA-512:	5971A09B0A76E414D7DDB985E75B47AC3918823153C0D35DA52A9EE8C2A715C0EB9A8B64F9A0609CB5FB6E8003DD22F750CEF93EAF3C47D788C5039504E2C505
Malicious:	false
Reputation:	low
URL:	https://planninggreenfutures.co.uk/noil/
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>. .

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:35:50.853904963 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 21:35:59.056879044 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:35:59.446808100 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:00.119198084 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:00.509303093 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 21:36:01.321813107 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:02.418752909 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:02.418802023 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:02.418891907 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:02.422400951 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:02.422430038 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:02.655667067 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:02.655740976 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:02.656920910 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:02.656928062 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:02.657316923 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:02.696742058 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:03.727916956 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:04.323986053 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324084044 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.324172974 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324455976 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324498892 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.324554920 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324606895 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324645996 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.324681044 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.324702024 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.873029947 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.873117924 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.874197960 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.874226093 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.874634981 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.874963999 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.916315079 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.948277950 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.948354959 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.949052095 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:04.949059010 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.949580908 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:04.998460054 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.978385925 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.978491068 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.978553057 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.978615046 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.978698015 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.978745937 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.978765011 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.980779886 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.980967999 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:05.980988026 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.981076002 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.982136965 CEST	49727	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:05.982199907 CEST	443	49727	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.025923014 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.054981947 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.055078030 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.055183887 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.055360079 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.055383921 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.068274975 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.692003012 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.692403078 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.692446947 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:06.692477942 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:06.692485094 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.289453030 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.289597034 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.289674044 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.290359974 CEST	49728	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.290375948 CEST	443	49728	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.303489923 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.303539991 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.303638935 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.303917885 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.303936958 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.821912050 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:07.837006092 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.837299109 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.837327003 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:07.837551117 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:07.837557077 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.135535002 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:08.347842932 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.347902060 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.347925901 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.347968102 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.347980022 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.348009109 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.348051071 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.348140955 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.349240065 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.349303007 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.349320889 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.349366903 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.350917101 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.352680922 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.352705002 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.352758884 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.352775097 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.354525089 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.354583979 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.354597092 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.354657888 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.356293917 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.356350899 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.356414080 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.537132025 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:08.635235071 CEST	49729	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:08.635302067 CEST	443	49729	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:08.743721008 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:09.195430994 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.195569992 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.195652962 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.196345091 CEST	49733	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.196391106 CEST	443	49733	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.279752016 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.279851913 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.279949903 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.280134916 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.280157089 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.569914103 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.570276022 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.570508003 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.690784931 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.691145897 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.691253901 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.692183971 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.692219019 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.692297935 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.692838907 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.694498062 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.694531918 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.694582939 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.694618940 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.701761007 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.813862085 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.822729111 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.824990988 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.825025082 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 21:36:09.825052977 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.825103998 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 21:36:09.908514023 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.908786058 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.908842087 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.908960104 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:09.908977032 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:09.946731091 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:10.045931101 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:36:10.152298927 CEST	80	49737	172.217.215.94	192.168.2.4
Apr 15, 2025 21:36:10.152419090 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:36:10.152538061 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:36:10.258824110 CEST	80	49737	172.217.215.94	192.168.2.4
Apr 15, 2025 21:36:10.259356022 CEST	80	49737	172.217.215.94	192.168.2.4
Apr 15, 2025 21:36:10.306624889 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:36:10.904704094 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:10.904792070 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:10.904937029 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:10.910574913 CEST	49734	443	192.168.2.4	104.21.32.1
Apr 15, 2025 21:36:10.910626888 CEST	443	49734	104.21.32.1	192.168.2.4
Apr 15, 2025 21:36:12.353375912 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:12.663136005 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:12.663269997 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:12.663399935 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:12.761935949 CEST	49724	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:36:12.761959076 CEST	443	49724	74.125.138.147	192.168.2.4
Apr 15, 2025 21:36:17.165857077 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:36:18.145458937 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 21:36:26.779455900 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 21:37:02.370923042 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:02.370973110 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:02.371071100 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:02.371376038 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:02.371402979 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:02.601335049 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:02.602080107 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:02.602099895 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:10.603595018 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:37:10.709958076 CEST	80	49737	172.217.215.94	192.168.2.4
Apr 15, 2025 21:37:10.710007906 CEST	49737	80	192.168.2.4	172.217.215.94
Apr 15, 2025 21:37:12.600815058 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:12.600965977 CEST	443	49744	74.125.138.147	192.168.2.4
Apr 15, 2025 21:37:12.601174116 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:12.761277914 CEST	49744	443	192.168.2.4	74.125.138.147
Apr 15, 2025 21:37:12.761301041 CEST	443	49744	74.125.138.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:35:58.461188078 CEST	53	64357	1.1.1.1	192.168.2.4
Apr 15, 2025 21:35:58.664154053 CEST	53	62888	1.1.1.1	192.168.2.4
Apr 15, 2025 21:35:59.425422907 CEST	53	63141	1.1.1.1	192.168.2.4
Apr 15, 2025 21:35:59.551965952 CEST	53	65234	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:02.308270931 CEST	59292	53	192.168.2.4	1.1.1.1
Apr 15, 2025 21:36:02.308733940 CEST	62395	53	192.168.2.4	1.1.1.1
Apr 15, 2025 21:36:02.415380955 CEST	53	62395	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:02.416045904 CEST	53	59292	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:04.160415888 CEST	51000	53	192.168.2.4	1.1.1.1
Apr 15, 2025 21:36:04.161253929 CEST	54103	53	192.168.2.4	1.1.1.1
Apr 15, 2025 21:36:04.316055059 CEST	53	54103	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:04.323120117 CEST	53	51000	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:16.556154013 CEST	53	59306	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:35.633773088 CEST	53	56889	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:58.183475018 CEST	53	63153	1.1.1.1	192.168.2.4
Apr 15, 2025 21:36:58.602754116 CEST	53	51928	1.1.1.1	192.168.2.4
Apr 15, 2025 21:37:00.633112907 CEST	53	62811	1.1.1.1	192.168.2.4
Apr 15, 2025 21:37:07.218090057 CEST	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 21:36:02.308270931 CEST	192.168.2.4	1.1.1.1	0x4e3c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.308733940 CEST	192.168.2.4	1.1.1.1	0x5667	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 15, 2025 21:36:04.160415888 CEST	192.168.2.4	1.1.1.1	0xdc2	Standard query (0)	planninggreenfutures.co.uk	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.161253929 CEST	192.168.2.4	1.1.1.1	0xaa44	Standard query (0)	planninggreenfutures.co.uk	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 21:36:02.415380955 CEST	1.1.1.1	192.168.2.4	0x5667	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:02.416045904 CEST	1.1.1.1	192.168.2.4	0x4e3c	No error (0)	www.google.com	74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.316055059 CEST	1.1.1.1	192.168.2.4	0xaa44	No error (0)	planninggreenfutures.co.uk		65	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.32.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.80.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.112.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.64.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.16.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.48.1	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:36:04.323120117 CEST	1.1.1.1	192.168.2.4	0xdc2	No error (0)	planninggreenfutures.co.uk	104.21.96.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

planninggreenfutures.co.uk

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49737	172.217.215.94	80

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 21:36:10.152538061 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 15, 2025 21:36:10.259356022 CEST	1242	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 15 Apr 2025 19:31:53 GMT Expires: Tue, 15 Apr 2025 20:21:53 GMT Cache-Control: public, max-age=3000 Age: 257 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49727	104.21.32.1	443	948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 19:36:04 UTC	681	OUT	GET /noil/ HTTP/1.1 Host: planninggreenfutures.co.uk Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 19:36:05 UTC	1044	IN	HTTP/1.1 503 Service Unavailable Date: Tue, 15 Apr 2025 19:36:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block X-Xss-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: 0 Cf-Cache-Status: DYNAMIC Server: cloudflare Set-Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMT Set-Cookie: CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMT Set-Cookie: Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMT Set-Cookie: NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:04 GMT CF-RAY: 930de3c92c816863-NRT alt-svc: h3=":443"; ma=86400
2025-04-15 19:36:05 UTC	325	IN	Data Raw: 31 35 63 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d Data Ascii: 15cd<!DOCTYPE html><html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="viewport" content="width=device-width, initial-
2025-04-15 19:36:05 UTC	1369	IN	Data Raw: 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 3e 65 76 61 6c 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 77 69 6e 64 6f 77 2e 61 74 6f 62 28 27 4b 47 5a 31 62 6d 4e 30 61 57 39 75 4b 43 6c 37 43 69 41 67 49 43 41 67 49 43 41 67 64 6d 46 79 49 47 45 67 50 53 42 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 49 48 74 30 63 6e 6c 37 63 6d 56 30 64 58 4a 75 49 43 45 68 64 32 6c 75 5a 47 39 33 4c 6d 46 6b 5a 45 56 32 5a 57 35 30 54 47 6c 7a 64 47 56 75 5a 58 4a 39 49 47 4e 68 64 47 4e 6f 4b 47 55 70 49 48 74 79 5a 58 52 31 63 6d 34 67 49 54 46 39 49 Data Ascii: ollow" /><script type="text/javascript" charset="utf-8" data-cfasync="false">eval(decodeURIComponent(escape(window.atob('KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9I
2025-04-15 19:36:05 UTC	1369	IN	Data Raw: 70 65 79 38 71 63 6d 68 70 62 6d 38 71 4c 77 70 70 5a 69 67 68 64 32 6c 75 5a 47 39 33 4c 6e 64 6c 59 6d 52 79 61 58 5a 6c 63 69 6c 37 4c 79 70 7a 5a 57 78 6c 62 6d 6c 31 62 53 6f 76 43 6d 6c 6d 4b 43 46 33 61 57 35 6b 62 33 63 75 5a 47 39 74 51 58 56 30 62 32 31 68 64 47 6c 76 62 69 42 38 66 43 41 68 64 32 6c 75 5a 47 39 33 4c 6d 52 76 62 55 46 31 64 47 39 74 59 58 52 70 62 32 35 44 62 32 35 30 63 6d 39 73 62 47 56 79 4b 58 73 76 4b 6d 4e 6f 63 6d 39 74 61 58 56 74 49 47 4a 68 63 32 56 6b 49 47 46 31 64 47 39 74 59 58 52 70 62 32 34 67 5a 48 4a 70 64 6d 56 79 4b 69 38 4b 61 57 59 6f 49 58 64 70 62 6d 52 76 64 79 35 6b 62 32 4e 31 62 57 56 75 64 43 35 6b 62 32 4e 31 62 57 56 75 64 45 56 73 5a 57 31 6c 62 6e 51 75 5a 32 56 30 51 58 52 30 63 6d 6c 69 64 58 Data Ascii: pey8qcmhpbm8qLwppZighd2luZG93LndlYmRyaXZlcil7LypzZWxlbml1bSovCmlmKCF3aW5kb3cuZG9tQXV0b21hdGlvbiB8fCAhd2luZG93LmRvbUF1dG9tYXRpb25Db250cm9sbGVyKXsvKmNocm9taXVtIGJhc2VkIGF1dG9tYXRpb24gZHJpdmVyKi8KaWYoIXdpbmRvdy5kb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuZ2V0QXR0cmlidX
2025-04-15 19:36:05 UTC	1369	IN	Data Raw: 62 57 56 75 64 48 4d 4b 61 57 59 67 4b 47 5a 70 63 6e 4e 30 52 6d 39 79 62 53 6b 67 65 77 6f 67 49 47 4e 76 62 6e 4e 30 49 47 6c 75 63 48 56 30 52 6d 6c 6c 62 47 52 7a 49 44 30 67 5a 6d 6c 79 63 33 52 47 62 33 4a 74 4c 6e 46 31 5a 58 4a 35 55 32 56 73 5a 57 4e 30 62 33 4a 42 62 47 77 6f 4a 32 6c 75 63 48 56 30 4a 79 6b 37 43 69 41 67 43 69 41 67 61 57 59 67 4b 47 6c 75 63 48 56 30 52 6d 6c 6c 62 47 52 7a 4c 6d 78 6c 62 6d 64 30 61 43 41 2b 49 44 41 70 49 48 73 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 47 52 76 59 33 56 74 5a 57 35 30 4c 6d 5a 76 63 6d 31 7a 57 7a 42 64 4c 6e 4e 31 59 6d 31 Data Ascii: bWVudHMKaWYgKGZpcnN0Rm9ybSkgewogIGNvbnN0IGlucHV0RmllbGRzID0gZmlyc3RGb3JtLnF1ZXJ5U2VsZWN0b3JBbGwoJ2lucHV0Jyk7CiAgCiAgaWYgKGlucHV0RmllbGRzLmxlbmd0aCA+IDApIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvY3VtZW50LmZvcm1zWzBdLnN1Ym1
2025-04-15 19:36:05 UTC	1157	IN	Data Raw: 48 52 6f 5a 53 42 68 62 6e 4e 33 5a 58 49 67 64 32 68 68 64 43 42 6c 64 6d 56 79 49 48 52 6f 5a 53 42 69 63 6d 39 33 63 32 56 79 49 47 5a 70 5a 33 56 79 5a 58 4d 67 61 58 51 67 62 33 56 30 49 48 52 76 49 47 4a 6c 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 48 68 6f 64 48 52 77 4c 6e 4e 6c 64 46 4a 6c 63 58 56 6c 63 33 52 49 5a 57 46 6b 5a 58 49 6f 4a 31 67 74 55 6d 56 78 64 57 56 7a 64 47 56 6b 4c 58 64 70 64 47 67 6e 4c 43 41 6e 57 45 31 4d 53 48 52 30 63 46 4a 6c 63 58 56 6c 63 33 51 6e 4b 54 73 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 65 47 68 30 64 48 41 75 63 32 56 30 55 6d 56 78 64 57 56 7a 64 45 68 6c 59 57 52 6c 63 69 67 6e 57 43 31 53 Data Ascii: HRoZSBhbnN3ZXIgd2hhdCBldmVyIHRoZSBicm93c2VyIGZpZ3VyZXMgaXQgb3V0IHRvIGJlCiAgICAgICAgICAgICAgICAgICAgICAgIHhodHRwLnNldFJlcXVlc3RIZWFkZXIoJ1gtUmVxdWVzdGVkLXdpdGgnLCAnWE1MSHR0cFJlcXVlc3QnKTsKICAgICAgICAgICAgICAgICAgICAgICAgeGh0dHAuc2V0UmVxdWVzdEhlYWRlcignWC1S
2025-04-15 19:36:05 UTC	743	IN	Data Raw: 32 65 30 0d 0a 62 57 56 75 64 43 35 69 62 32 52 35 4c 6d 4e 73 61 57 56 75 64 45 68 6c 61 57 64 6f 64 43 42 38 66 43 41 77 4f 77 70 70 5a 69 41 6f 4b 48 4e 33 49 44 30 39 49 48 64 33 4b 53 41 6d 4a 69 41 6f 63 32 67 67 50 54 30 67 64 32 67 70 4b 53 42 37 43 69 41 67 49 43 42 32 49 44 30 67 64 48 4a 31 5a 54 73 4b 49 43 41 67 49 47 6c 6d 49 43 67 68 4b 48 64 33 49 43 55 67 4d 6a 41 77 4b 53 41 6d 4a 69 41 6f 64 32 67 67 4a 53 41 78 4d 44 41 70 4b 53 42 37 43 69 41 67 49 43 41 67 49 43 41 67 64 69 41 39 49 48 52 79 64 57 55 37 43 69 41 67 49 43 42 39 43 6e 30 4b 4c 79 39 32 49 44 30 67 64 48 4a 31 5a 54 73 67 4c 79 39 30 5a 58 4e 30 49 48 5a 68 63 69 42 75 64 57 78 73 5a 57 51 67 62 33 56 30 49 48 56 7a 5a 57 51 67 5a 6d 39 79 49 47 52 6c 59 6e 56 6e 5a 32 Data Ascii: 2e0bWVudC5ib2R5LmNsaWVudEhlaWdodCB8fCAwOwppZiAoKHN3ID09IHd3KSAmJiAoc2ggPT0gd2gpKSB7CiAgICB2ID0gdHJ1ZTsKICAgIGlmICghKHd3ICUgMjAwKSAmJiAod2ggJSAxMDApKSB7CiAgICAgICAgdiA9IHRydWU7CiAgICB9Cn0KLy92ID0gdHJ1ZTsgLy90ZXN0IHZhciBudWxsZWQgb3V0IHVzZWQgZm9yIGRlYnVnZ2
2025-04-15 19:36:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49728	104.21.32.1	443	948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 19:36:06 UTC	1147	OUT	POST /noil/ HTTP/1.1 Host: planninggreenfutures.co.uk Connection: keep-alive Content-Length: 22 sec-ch-ua-platform: "Windows" X-Requested-TimeStamp-Combination: JRAJSttIF-9Qmygfn7av7VxL2k: 34292439 X-Requested-TimeStamp: sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" X-Requested-Type-Combination: GET sec-ch-ua-mobile: ?0 X-Requested-with: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 X-Requested-Type: GET Content-type: application/x-www-form-urlencoded X-Requested-TimeStamp-Expire: Accept: / Origin: https://planninggreenfutures.co.uk Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://planninggreenfutures.co.uk/noil/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw
2025-04-15 19:36:06 UTC	22	OUT	Data Raw: 6e 61 6d 65 31 3d 48 65 6e 72 79 26 6e 61 6d 65 32 3d 46 6f 72 64 Data Ascii: name1=Henry&name2=Ford
2025-04-15 19:36:07 UTC	1032	IN	HTTP/1.1 204 No Content Date: Tue, 15 Apr 2025 19:36:07 GMT Connection: close X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block X-Xss-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: 0 X-Server-Powered-By: Engintron X-Robots-Tag: noindex, nofollow Cf-Cache-Status: DYNAMIC Server: cloudflare Set-Cookie: 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:06 GMT Set-Cookie: jmnfUtjDdqBcSIM0lC6CLpFKm2Q=1744745766; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:06 GMT Set-Cookie: R330STMjPDOl6Cd9ISymkYs_nuw=1744832166; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:06 GMT Set-Cookie: DJXqr-x-Qr2IkAQhd7S0YiNVAlE=nR771USBrWlemPVYTuXNwbMCypk; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:06 GMT CF-RAY: 930de3ceaef5a7fc-SYD alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49729	104.21.32.1	443	948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 19:36:06 UTC	879	OUT	GET /favicon.ico HTTP/1.1 Host: planninggreenfutures.co.uk Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://planninggreenfutures.co.uk/noil/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw
2025-04-15 19:36:08 UTC	1043	IN	HTTP/1.1 503 Service Unavailable Date: Tue, 15 Apr 2025 19:36:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: cloudflare X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block X-Xss-Protection: 1; mode=block Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-Frame-Options: SAMEORIGIN Expires: 0 Cf-Cache-Status: BYPASS Set-Cookie: Tejxf_v6HPnbr1wA6K-c4ka28ng=d2cV0f4sDecz1xLHSfeOhOOBSvI; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMT Set-Cookie: r-xLG1H1HiUoh7m7c7akYbtc3Bk=1744745767; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMT Set-Cookie: a-vuaCHlCr2MaR58o4FNbAnhgHs=1744832167; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMT Set-Cookie: yAfzWXZHJyocGJyXzR87YclZbOI=x0A5DWV1IG8jOukFSHvTiK59gaM; Path=/; Max-Age=86400; Expires=Wed, 16 Apr 2025 19:36:07 GMT CF-RAY: 930de3d4fd7ce7c2-SYD alt-svc: h3=":443"; ma=86400
2025-04-15 19:36:08 UTC	326	IN	Data Raw: 34 36 32 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d Data Ascii: 4621<!DOCTYPE html><html><head><meta charset="utf-8" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" /><meta name="viewport" content="width=device-width, initial-
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 6c 6c 6f 77 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 3e 65 76 61 6c 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 27 5c 78 32 38 5c 78 36 36 5c 78 37 35 5c 78 36 45 5c 78 36 33 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 45 5c 78 32 38 5c 78 32 39 5c 78 37 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 37 36 5c 78 36 31 5c 78 37 32 5c 78 32 30 5c 78 36 31 5c 78 32 30 5c 78 33 44 5c 78 32 30 5c 78 36 36 5c 78 37 35 5c 78 36 45 5c 78 36 33 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 Data Ascii: llow" /><script type="text/javascript" charset="utf-8" data-cfasync="false">eval(decodeURIComponent(escape('\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x61\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 37 36 5c 78 36 31 5c 78 37 32 5c 78 32 30 5c 78 37 34 5c 78 36 39 5c 78 36 44 5c 78 36 35 5c 78 32 30 5c 78 33 44 5c 78 32 30 5c 78 36 45 5c 78 36 46 5c 78 37 37 5c 78 32 45 5c 78 36 37 5c 78 36 35 5c 78 37 34 5c 78 35 34 5c 78 36 39 5c 78 36 44 5c 78 36 35 5c 78 32 38 5c 78 32 39 5c 78 33 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 Data Ascii: \x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x74\x69\x6D\x65\x20\x3D\x20\x6E\x6F\x77\x2E\x67\x65\x74\x54\x69\x6D\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 78 37 33 5c 78 36 35 5c 78 37 32 5c 78 32 30 5c 78 37 34 5c 78 36 46 5c 78 32 30 5c 78 36 36 5c 78 36 39 5c 78 36 37 5c 78 37 35 5c 78 37 32 5c 78 36 35 5c 78 32 30 5c 78 36 46 5c 78 37 35 5c 78 37 34 5c 78 32 30 5c 78 37 34 5c 78 36 46 5c 78 32 30 5c 78 36 37 5c 78 36 35 5c 78 37 34 5c 78 32 30 5c 78 36 31 5c 78 36 45 5c 78 37 33 5c 78 37 37 5c 78 36 35 5c 78 37 32 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 36 39 5c 78 36 36 5c 78 32 38 5c 78 32 31 5c 78 37 37 5c 78 36 39 5c 78 36 45 5c 78 36 34 Data Ascii: x73\x65\x72\x20\x74\x6F\x20\x66\x69\x67\x75\x72\x65\x20\x6F\x75\x74\x20\x74\x6F\x20\x67\x65\x74\x20\x61\x6E\x73\x77\x65\x72\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x28\x21\x77\x69\x6E\x64
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 36 46 5c 78 36 44 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 45 5c 78 32 30 5c 78 37 43 5c 78 37 43 5c 78 32 30 5c 78 32 31 5c 78 37 37 5c 78 36 39 5c 78 36 45 5c 78 36 34 5c 78 36 46 5c 78 37 37 5c 78 32 45 5c 78 36 34 5c 78 36 46 5c 78 36 44 5c 78 34 31 5c 78 37 35 5c 78 37 34 5c 78 36 46 5c 78 36 44 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 45 5c 78 34 33 5c 78 36 46 5c 78 36 45 5c 78 37 34 5c 78 37 32 5c 78 36 46 5c 78 36 43 5c 78 36 43 5c 78 36 35 5c 78 37 32 5c 78 32 39 5c 78 37 42 5c 78 32 46 5c 78 32 41 5c 78 36 33 5c 78 36 38 5c 78 37 32 5c 78 36 46 5c 78 36 44 5c 78 36 39 5c 78 37 35 5c 78 36 44 5c 78 32 30 5c 78 36 32 5c 78 36 31 5c 78 37 33 5c 78 36 35 5c 78 36 34 5c 78 32 30 5c 78 36 31 5c 78 37 35 5c 78 37 34 5c Data Ascii: 6F\x6D\x61\x74\x69\x6F\x6E\x20\x7C\x7C\x20\x21\x77\x69\x6E\x64\x6F\x77\x2E\x64\x6F\x6D\x41\x75\x74\x6F\x6D\x61\x74\x69\x6F\x6E\x43\x6F\x6E\x74\x72\x6F\x6C\x6C\x65\x72\x29\x7B\x2F\x2A\x63\x68\x72\x6F\x6D\x69\x75\x6D\x20\x62\x61\x73\x65\x64\x20\x61\x75\x74\
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 34 5c 78 32 39 5c 78 37 42 5c 78 32 41 5c 78 32 46 5c 78 30 41 5c 78 32 46 5c 78 32 41 5c 78 36 39 5c 78 36 36 5c 78 32 38 5c 78 36 34 5c 78 36 46 5c 78 36 33 5c 78 37 35 5c 78 36 44 5c 78 36 35 5c 78 36 45 5c 78 37 34 5c 78 32 45 5c 78 36 33 5c 78 36 46 5c 78 36 46 5c 78 36 42 5c 78 36 39 5c 78 36 35 5c 78 32 45 5c 78 36 44 5c 78 36 31 5c 78 37 34 5c 78 36 33 5c 78 36 38 5c 78 32 38 5c 78 32 46 5c 78 35 45 5c 78 32 38 5c 78 33 46 5c 78 33 41 5c 78 32 45 5c 78 32 41 5c 78 33 42 5c 78 32 39 5c 78 33 46 5c 78 35 43 5c 78 37 33 5c 78 32 41 5c 78 35 42 5c 78 33 30 5c 78 32 44 5c 78 33 39 5c 78 36 31 5c 78 32 44 5c 78 36 36 5c 78 35 44 5c 78 37 42 5c 78 33 33 5c 78 33 32 5c 78 37 44 5c 78 35 43 5c 78 37 33 5c 78 32 41 5c 78 33 44 5c 78 35 43 5c 78 37 33 5c 78 Data Ascii: 4\x29\x7B\x2A\x2F\x0A\x2F\x2A\x69\x66\x28\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x2E\x6D\x61\x74\x63\x68\x28\x2F\x5E\x28\x3F\x3A\x2E\x2A\x3B\x29\x3F\x5C\x73\x2A\x5B\x30\x2D\x39\x61\x2D\x66\x5D\x7B\x33\x32\x7D\x5C\x73\x2A\x3D\x5C\x73\x
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 37 36 5c 78 36 31 5c 78 37 32 5c 78 32 30 5c 78 37 38 5c 78 36 38 5c 78 37 34 5c 78 37 34 5c 78 37 30 5c 78 32 30 5c 78 33 44 5c 78 32 30 5c 78 36 45 5c 78 36 35 5c 78 37 37 5c 78 32 30 5c 78 35 38 5c 78 34 44 5c 78 34 43 5c 78 34 38 5c 78 37 34 5c 78 37 34 5c 78 37 30 5c 78 35 32 5c 78 36 35 5c 78 37 31 5c 78 37 35 5c 78 36 35 5c 78 37 33 5c 78 37 34 5c 78 32 38 5c 78 32 39 5c 78 33 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 37 38 5c 78 36 38 5c 78 37 34 5c 78 37 Data Ascii: \x20\x20\x76\x61\x72\x20\x78\x68\x74\x74\x70\x20\x3D\x20\x6E\x65\x77\x20\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x7
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 78 36 43 5c 78 36 35 5c 78 36 33 5c 78 37 34 5c 78 36 46 5c 78 37 32 5c 78 34 31 5c 78 36 43 5c 78 36 43 5c 78 32 38 5c 78 32 37 5c 78 36 39 5c 78 36 45 5c 78 37 30 5c 78 37 35 5c 78 37 34 5c 78 32 37 5c 78 32 39 5c 78 33 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 36 39 5c 78 36 36 5c 78 32 30 5c 78 32 38 5c 78 36 39 5c 78 36 45 5c 78 37 30 5c 78 37 35 5c 78 37 34 5c 78 34 36 5c 78 36 39 5c 78 36 35 5c 78 36 43 5c 78 36 34 5c 78 37 33 5c 78 32 45 5c 78 36 43 5c 78 36 35 5c 78 36 45 5c 78 36 37 5c 78 37 34 5c 78 36 38 5c 78 32 30 5c 78 33 45 5c 78 32 30 5c 78 33 30 5c 78 32 39 5c 78 32 30 5c 78 37 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C\x28\x27\x69\x6E\x70\x75\x74\x27\x29\x3B\x0A\x20\x20\x0A\x20\x20\x69\x66\x20\x28\x69\x6E\x70\x75\x74\x46\x69\x65\x6C\x64\x73\x2E\x6C\x65\x6E\x67\x74\x68\x20\x3E\x20\x30\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 37 37 5c 78 36 39 5c 78 36 45 5c 78 36 34 5c 78 36 46 5c 78 37 37 5c 78 32 45 5c 78 36 43 5c 78 36 46 5c 78 36 33 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 45 5c 78 32 45 5c 78 37 32 5c 78 36 35 5c 78 36 43 5c 78 36 46 5c 78 36 31 5c 78 36 34 5c 78 32 38 5c 78 32 39 5c 78 33 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c Data Ascii: 20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x72\x65\x6C\x6F\x61\x64\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\
2025-04-15 19:36:08 UTC	1369	IN	Data Raw: 39 5c 78 36 45 5c 78 36 34 5c 78 36 46 5c 78 37 37 5c 78 32 45 5c 78 36 43 5c 78 36 46 5c 78 36 33 5c 78 36 31 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 45 5c 78 32 45 5c 78 37 32 5c 78 36 35 5c 78 36 43 5c 78 36 46 5c 78 36 31 5c 78 36 34 5c 78 32 38 5c 78 32 39 5c 78 33 42 5c 78 30 41 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 Data Ascii: 9\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x72\x65\x6C\x6F\x61\x64\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	104.21.32.1	443	948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 19:36:07 UTC	1115	OUT	GET /noil/ HTTP/1.1 Host: planninggreenfutures.co.uk Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://planninggreenfutures.co.uk/noil/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw; jmnfUtjDdqBcSIM0lC6CLpFKm2Q=1744745766; R330STMjPDOl6Cd9ISymkYs_nuw=1744832166; DJXqr-x-Qr2IkAQhd7S0YiNVAlE=nR771USBrWlemPVYTuXNwbMCypk
2025-04-15 19:36:09 UTC	396	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Apr 2025 19:36:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block X-Xss-Protection: 1; mode=block Cf-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 930de3dba8c5fcbd-NRT alt-svc: h3=":443"; ma=86400
2025-04-15 19:36:09 UTC	327	IN	Data Raw: 31 34 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 Data Ascii: 140<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t
2025-04-15 19:36:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	104.21.32.1	443	948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 19:36:09 UTC	1210	OUT	GET /favicon.ico HTTP/1.1 Host: planninggreenfutures.co.uk Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://planninggreenfutures.co.uk/noil/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: jcc6Qx2Qa8K47m0GezRV3pUGC70=M9RIViqAG6IYepBuf0w_rLN-f2c; CMc2XCAX7fVppbgU-VOIqbYJOCQ=1744745764; Src9Gd_xPBWNrOvuF2DGCttyS7g=1744832164; NeNQ8RH03JIVEyjUqppBfkCIgb0=bGSC6C5b5xkNQcesxv04ABVh-lg; 9O5XFUSTRKEF4D0tNTH8i5VOalI=3-PU9Xsf7pbdMnWSiiLIvFWadsw; jmnfUtjDdqBcSIM0lC6CLpFKm2Q=1744745766; R330STMjPDOl6Cd9ISymkYs_nuw=1744832166; DJXqr-x-Qr2IkAQhd7S0YiNVAlE=nR771USBrWlemPVYTuXNwbMCypk; Tejxf_v6HPnbr1wA6K-c4ka28ng=d2cV0f4sDecz1xLHSfeOhOOBSvI; r-xLG1H1HiUoh7m7c7akYbtc3Bk=1744745767; a-vuaCHlCr2MaR58o4FNbAnhgHs=1744832167; yAfzWXZHJyocGJyXzR87YclZbOI=x0A5DWV1IG8jOukFSHvTiK59gaM
2025-04-15 19:36:10 UTC	522	IN	HTTP/1.1 404 Not Found Date: Tue, 15 Apr 2025 19:36:10 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: cloudflare Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block X-Xss-Protection: 1; mode=block Cache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable Pragma: public Cf-Cache-Status: MISS CF-RAY: 930de3e90817a93b-SYD alt-svc: h3=":443"; ma=86400
2025-04-15 19:36:10 UTC	332	IN	Data Raw: 31 34 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 Data Ascii: 140<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t

Target ID:	1
Start time:	15:35:53
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:35:56
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,14331022784213342634,139238066655825086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	15:36:02
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://planninggreenfutures.co.uk/noil/"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://planninggreenfutures.co.uk/noil/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2212, Parent PID: 3788

General

Chronological Activities

Analysis Process: chrome.exePID: 948, Parent PID: 2212

General

Chronological Activities

Analysis Process: chrome.exePID: 6704, Parent PID: 3788

General

Chronological Activities

Disassembly

Windows Analysis Report
https://planninggreenfutures.co.uk/noil/