Edit tour

Windows Analysis Report
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12

Overview

General Information

Sample URL:	http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
Analysis ID:	1638118
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Suricata Signatures

ETPRO EXPLOIT_KIT FoxTDS Filtered Blacklisted

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-14T08:23:24.516945+0100	2859624	1	Exploit Kit Activity Detected	185.246.87.22	80	192.168.2.6	49715	TCP

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Address: gin_throttle_mw_7200000000_8.46.123.189X-Ratelimit-Limit: 500X-Ratelimit-Remaining: 497X-Ratelimit-Reset: 1741940604Date: Fri, 14 Mar 2025 07:23:24 GMTContent-Length: 0

Source: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No favicon

Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="author".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="author".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="author".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="author".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="author".. found

Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://6ziv5.escortagencybangalore.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/styles.css HTTP/1.1Host: 6ziv5.escortagencybangalore.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://6ziv5.escortagencybangalore.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 6ziv5.escortagencybangalore.com
Source: global traffic	DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 60142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60141
Source: unknown	Network traffic detected: HTTP traffic on port 60157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 60143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60157
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 60140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
http://6ziv5.escortagencybangalore.com/assets/styles.css	0%	Avira URL Cloud	safe
http://6ziv5.escortagencybangalore.com/favicon.ico	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
j.sni.global.fastly.net	151.101.2.132	true	false	high
beacons-handoff.gcp.gvt2.com	142.250.180.67	true	false	high
6ziv5.escortagencybangalore.com	185.246.87.22	true	true	unknown
www.google.com	142.250.186.36	true	false	high
beacons.gvt2.com	172.217.23.99	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high
feeds.foxnews.com	unknown	unknown	false	high

IP	Domain	Country	ASN	ASN Name	Malicious
185.246.87.22	6ziv5.escortagencybangalore.com	France	21409	IKOULAFR	true
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
151.101.2.132	j.sni.global.fastly.net	United States	54113	FASTLYUS	false

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1638118
Start date and time:	2025-03-14 08:22:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@22/10@23/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2874
Entropy (8bit):	4.856445873463968
Encrypted:	false
SSDEEP:	48:ZWJJpI4LLIk6ddLHJy8A3SXUV/ot5CjsEn+yxw4Dj7jvj:S3LLIk6T9yvGssE5x7
MD5:	BAEB13B43E808B57749030794B11A103
SHA1:	94784F99A5E7E08F7AA805F01002AA0985458242
SHA-256:	6408BDB269CAFA0A9E51003798ED45B5D172A4A1A64279ADDB332EE6EB97FF80
SHA-512:	3125CF5AC0762BD6BC12A0F92FF02B47DE3ECFC7C1CDFBE1DF0A46CF6DD71873A92529D256E56F64D5A15185D40863B411DE5D4CC486E816357E4DFDD16937E6
Malicious:	false
Reputation:	low
URL:	http://6ziv5.escortagencybangalore.com/
Preview:	.............<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Coming Soon - aliisurf.info</title>.. <link rel="stylesheet" href="/assets/styles.css">..</head>.<body>.<div class="container">. <h1>Our Website is Coming Soon!</h1>. <p>We are working hard to give you the best experience. Stay tuned!</p>. <div class="countdown">. <div class="countdown-item">. <span id="days">00</span>. <label>Days</label>. </div>. <div class="countdown-item">. <span id="hours">00</span>. <label>Hours</label>. </div>. <div class="countdown-item">. <span id="minutes">00</span>. <label>Minutes</label>. </div>. <div class="countdown-item">. <span id="seconds">00</span>. <label>Seconds</label>. </div>. </div>.. <form id="subscription-form" onsubmit="s

Name	Malicious	Antivirus Detection	Reputation
http://6ziv5.escortagencybangalore.com/favicon.ico	true	Avira URL Cloud: safe	unknown
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12	true		unknown
http://6ziv5.escortagencybangalore.com/assets/styles.css	true	Avira URL Cloud: safe	unknown
http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3	false		unknown
http://6ziv5.escortagencybangalore.com/	false		unknown
http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12	false		unknown

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 08:23:14.112673998 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:14.419744968 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:15.029144049 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:16.232760906 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:18.686295986 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:21.804971933 CET	49708	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:21.805016994 CET	443	49708	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:21.805135965 CET	49708	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:21.805465937 CET	49708	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:21.805480957 CET	443	49708	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:22.005213976 CET	443	49708	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:22.005791903 CET	49709	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:22.005840063 CET	443	49709	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:22.006001949 CET	49709	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:22.006266117 CET	49709	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:22.006285906 CET	443	49709	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:22.157083988 CET	49710	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.157115936 CET	443	49710	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.157383919 CET	49710	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.158885002 CET	49710	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.158899069 CET	443	49710	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.159569979 CET	443	49710	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.160464048 CET	49711	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.160502911 CET	443	49711	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.160970926 CET	49711	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.160970926 CET	49711	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.161010027 CET	443	49711	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.161444902 CET	443	49711	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.161830902 CET	49712	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.161866903 CET	443	49712	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.162076950 CET	49712	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.162589073 CET	49712	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.162617922 CET	443	49712	104.83.103.192	192.168.2.6
Mar 14, 2025 08:23:22.162803888 CET	49712	443	192.168.2.6	104.83.103.192
Mar 14, 2025 08:23:22.204891920 CET	443	49709	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:22.521450996 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:22.826977015 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:23.436397076 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:23.500965118 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:23.501888037 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.502079010 CET	49716	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.506581068 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.506748915 CET	80	49716	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.506793976 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.507118940 CET	49716	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.516666889 CET	49717	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.516705036 CET	443	49717	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.516822100 CET	49717	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.517122030 CET	49717	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.517133951 CET	443	49717	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.717113972 CET	443	49717	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.718404055 CET	49718	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.718456984 CET	443	49718	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.718627930 CET	49718	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.721523046 CET	49718	443	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.721537113 CET	443	49718	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.920871019 CET	443	49718	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:23.925493956 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:23.937886000 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.132869959 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.179873943 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:24.184725046 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.452235937 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.497787952 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:24.511616945 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:24.516944885 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.640795946 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:24.686572075 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:24.741988897 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:25.321582079 CET	49722	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.321609974 CET	443	49722	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.321765900 CET	49722	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.322746992 CET	49722	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.322761059 CET	443	49722	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.521591902 CET	443	49722	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.542711020 CET	49723	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.542815924 CET	443	49723	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.542892933 CET	49723	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.543445110 CET	49723	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:23:25.543484926 CET	443	49723	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.721240044 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:25.726015091 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:25.741839886 CET	443	49723	142.250.186.36	192.168.2.6
Mar 14, 2025 08:23:25.906162977 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:25.906214952 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:25.906253099 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:25.906318903 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:25.967742920 CET	49724	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:25.967772961 CET	443	49724	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:25.968028069 CET	49724	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:25.968364000 CET	49724	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:25.968381882 CET	443	49724	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:26.169469118 CET	443	49724	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:26.169996023 CET	49725	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:26.170047045 CET	443	49725	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:26.170137882 CET	49725	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:26.170691967 CET	49725	443	192.168.2.6	151.101.2.132
Mar 14, 2025 08:23:26.170705080 CET	443	49725	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:26.368983984 CET	443	49725	151.101.2.132	192.168.2.6
Mar 14, 2025 08:23:27.043553114 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:30.520792961 CET	49726	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.520845890 CET	443	49726	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.520912886 CET	49726	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.522186995 CET	49726	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.522207022 CET	443	49726	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.522855997 CET	443	49726	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.540921926 CET	49727	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.540957928 CET	443	49727	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.541024923 CET	49727	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.541392088 CET	49727	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.541403055 CET	443	49727	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.541836977 CET	443	49727	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.580264091 CET	49728	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.580347061 CET	443	49728	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.580426931 CET	49728	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.580884933 CET	49728	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.580904007 CET	443	49728	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.581386089 CET	443	49728	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.607371092 CET	49729	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.607410908 CET	443	49729	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.607482910 CET	49729	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.608262062 CET	49729	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.608272076 CET	443	49729	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.608737946 CET	443	49729	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.645669937 CET	49730	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.645704031 CET	443	49730	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.645791054 CET	49730	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.646136999 CET	49730	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.646151066 CET	443	49730	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.646889925 CET	443	49730	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.663069010 CET	49731	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.663100004 CET	443	49731	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.663203955 CET	49731	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.663496971 CET	49731	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.663508892 CET	443	49731	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.663975000 CET	443	49731	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.691786051 CET	49732	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.691831112 CET	443	49732	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.691900969 CET	49732	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.692207098 CET	49732	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.692224979 CET	443	49732	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.692833900 CET	443	49732	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.709346056 CET	49733	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.709379911 CET	443	49733	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.709451914 CET	49733	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.709747076 CET	49733	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:23:30.709758043 CET	443	49733	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:30.710154057 CET	443	49733	20.12.23.50	192.168.2.6
Mar 14, 2025 08:23:31.857883930 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:33.107908010 CET	49672	443	192.168.2.6	204.79.197.203
Mar 14, 2025 08:23:37.369050026 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:37.373842955 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.543749094 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.543772936 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.543790102 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.543844938 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:37.565819979 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:37.570522070 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.775954008 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.775983095 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:23:37.776035070 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:23:41.467407942 CET	49678	443	192.168.2.6	20.42.65.91
Mar 14, 2025 08:23:42.836340904 CET	60130	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:42.841128111 CET	53	60130	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:42.841188908 CET	60130	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:42.845865965 CET	53	60130	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:43.295500994 CET	60130	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:43.304905891 CET	53	60130	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:43.304975033 CET	60130	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:03.579045057 CET	49685	80	192.168.2.6	172.217.23.99
Mar 14, 2025 08:24:03.579060078 CET	49687	80	192.168.2.6	199.232.210.172
Mar 14, 2025 08:24:03.584083080 CET	80	49685	172.217.23.99	192.168.2.6
Mar 14, 2025 08:24:03.584202051 CET	49685	80	192.168.2.6	172.217.23.99
Mar 14, 2025 08:24:03.584336996 CET	80	49687	199.232.210.172	192.168.2.6
Mar 14, 2025 08:24:03.584388971 CET	49687	80	192.168.2.6	199.232.210.172
Mar 14, 2025 08:24:05.054493904 CET	49686	443	192.168.2.6	2.19.122.56
Mar 14, 2025 08:24:05.054976940 CET	49688	80	192.168.2.6	199.232.210.172
Mar 14, 2025 08:24:05.055032969 CET	49689	80	192.168.2.6	2.23.77.188
Mar 14, 2025 08:24:07.054872036 CET	60140	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.054919958 CET	443	60140	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.054990053 CET	60140	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.055434942 CET	60140	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.055449009 CET	443	60140	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.056166887 CET	443	60140	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.058376074 CET	60141	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.058419943 CET	443	60141	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.058485031 CET	60141	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.058867931 CET	60141	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.058883905 CET	443	60141	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.059303045 CET	443	60141	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.082868099 CET	60142	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.082911968 CET	443	60142	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.082974911 CET	60142	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.083283901 CET	60142	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.083300114 CET	443	60142	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.083708048 CET	443	60142	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.099248886 CET	60143	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.099303007 CET	443	60143	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.099416971 CET	60143	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.099847078 CET	60143	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.099865913 CET	443	60143	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.100318909 CET	443	60143	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.124782085 CET	60144	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.124825954 CET	443	60144	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.124888897 CET	60144	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.125586033 CET	60144	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.125597954 CET	443	60144	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.126135111 CET	443	60144	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.139173031 CET	60145	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.139216900 CET	443	60145	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.139309883 CET	60145	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.139712095 CET	60145	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.139725924 CET	443	60145	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.140258074 CET	443	60145	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.170883894 CET	60146	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.170928001 CET	443	60146	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.170989990 CET	60146	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.171478033 CET	60146	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.171497107 CET	443	60146	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.171948910 CET	443	60146	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.191920996 CET	60147	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.191960096 CET	443	60147	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.192028999 CET	60147	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.192332983 CET	60147	443	192.168.2.6	20.12.23.50
Mar 14, 2025 08:24:07.192342997 CET	443	60147	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:07.192749023 CET	443	60147	20.12.23.50	192.168.2.6
Mar 14, 2025 08:24:08.513698101 CET	49716	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:24:08.518739939 CET	80	49716	185.246.87.22	192.168.2.6
Mar 14, 2025 08:24:21.859576941 CET	60157	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:21.859627008 CET	443	60157	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:21.859741926 CET	60157	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:21.860165119 CET	60157	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:21.860183001 CET	443	60157	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:22.058084965 CET	443	60157	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:22.058731079 CET	60158	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:22.058760881 CET	443	60158	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:22.058872938 CET	60158	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:22.059170961 CET	60158	443	192.168.2.6	142.250.186.36
Mar 14, 2025 08:24:22.059185982 CET	443	60158	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:22.257011890 CET	443	60158	142.250.186.36	192.168.2.6
Mar 14, 2025 08:24:22.779782057 CET	49715	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:24:22.785837889 CET	80	49715	185.246.87.22	192.168.2.6
Mar 14, 2025 08:24:23.922132015 CET	49716	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:24:23.927385092 CET	80	49716	185.246.87.22	192.168.2.6
Mar 14, 2025 08:24:23.927455902 CET	49716	80	192.168.2.6	185.246.87.22
Mar 14, 2025 08:24:33.377234936 CET	443	49681	2.23.227.215	192.168.2.6
Mar 14, 2025 08:24:33.377372980 CET	49681	443	192.168.2.6	2.23.227.215
Mar 14, 2025 08:24:33.377415895 CET	443	49681	2.23.227.215	192.168.2.6
Mar 14, 2025 08:24:33.377475977 CET	49681	443	192.168.2.6	2.23.227.215

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 08:23:17.579036951 CET	53	60800	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:17.619590044 CET	53	56898	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:21.796861887 CET	63360	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:21.797013998 CET	55970	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:21.803881884 CET	53	55970	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:21.804069996 CET	53	63360	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:23.478054047 CET	55629	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:23.478498936 CET	53537	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:23.492270947 CET	53	53537	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:23.497312069 CET	57525	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:23.497569084 CET	62397	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:23.500585079 CET	53	55629	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:23.510205984 CET	53	57525	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:23.519148111 CET	53	62397	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:25.945364952 CET	62543	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:25.945521116 CET	50596	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:23:25.954557896 CET	53	62543	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:25.967268944 CET	53	50596	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:37.844031096 CET	53	65036	1.1.1.1	192.168.2.6
Mar 14, 2025 08:23:42.835603952 CET	53	64666	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:17.103044033 CET	53	58220	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:17.514209032 CET	53	58756	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:19.852870941 CET	53	57964	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:20.671489954 CET	138	138	192.168.2.6	192.168.2.255
Mar 14, 2025 08:24:21.924525023 CET	54887	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:21.924806118 CET	50418	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:21.931883097 CET	53	54887	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:21.932164907 CET	53	50418	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:22.955065012 CET	58432	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:22.955218077 CET	59831	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:22.964796066 CET	53	58432	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:22.964869022 CET	53	59831	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:24.984112024 CET	57974	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:24.990998030 CET	53	57974	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:25.983417034 CET	57974	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:25.990231991 CET	53	57974	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:26.999226093 CET	57974	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:27.007211924 CET	53	57974	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:29.014421940 CET	57974	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:29.021266937 CET	53	57974	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:33.017019987 CET	57974	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:33.024044037 CET	53	57974	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:37.924712896 CET	64946	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:37.924870968 CET	59591	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:37.932934046 CET	53	59591	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:37.932952881 CET	53	64946	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:38.936923981 CET	54579	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:39.544219017 CET	53	54579	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:40.967847109 CET	50489	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:40.974808931 CET	53	50489	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:41.967799902 CET	50489	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:41.975105047 CET	53	50489	1.1.1.1	192.168.2.6
Mar 14, 2025 08:24:42.967880011 CET	50489	53	192.168.2.6	1.1.1.1
Mar 14, 2025 08:24:42.975781918 CET	53	50489	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
Mar 14, 2025 08:23:23.925493956 CET	509	OUT	GET /rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:24.132869959 CET	487	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 499 X-Ratelimit-Reset: 1741940604 Date: Fri, 14 Mar 2025 07:23:24 GMT Content-Length: 235 Data Raw: 3c 73 63 72 69 70 74 3e 0a 76 61 72 20 74 61 72 63 6b 69 6e 67 5f 70 61 72 61 6d 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 73 70 6c 69 74 28 27 23 27 29 5b 31 5d 3b 0a 69 66 28 21 74 61 72 63 6b 69 6e 67 5f 70 61 72 61 6d 29 7b 0a 09 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 22 2f 72 64 2f 22 2c 20 22 2f 74 2f 22 29 3b 0a 7d 65 6c 73 65 7b 0a 09 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 2f 74 2f 27 2b 74 61 72 63 6b 69 6e 67 5f 70 61 72 61 6d 3b 0a 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 3e 3c 2f 70 3e 0a Data Ascii: <script>var tarcking_param = window.location.href.split('#')[1];if(!tarcking_param){document.location.href = document.location.href.replace("/rd/", "/t/");}else{document.location.href = '/t/'+tarcking_param;}</script><p></p>
Mar 14, 2025 08:23:24.179873943 CET	621	OUT	GET /t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:24.452235937 CET	462	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 498 X-Ratelimit-Reset: 1741940604 Date: Fri, 14 Mar 2025 07:23:24 GMT Content-Length: 210 Data Raw: 3c 73 63 72 69 70 74 3e 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 2f 6e 65 77 73 3f 71 3d 49 50 20 70 72 6f 76 69 64 65 72 20 69 73 20 62 6c 61 63 6b 6c 69 73 74 65 64 21 20 4c 45 56 45 4c 33 27 3b 20 0a 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 6e 65 77 73 3f 71 3d 49 50 20 70 72 6f 76 69 64 65 72 20 69 73 20 62 6c 61 63 6b 6c 69 73 74 65 64 21 20 4c 45 56 45 4c 33 27 29 3b 0a 7d 2c 20 31 30 30 30 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 3e 3c 2f 70 3e 0a Data Ascii: <script>setTimeout(function(){ window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');}, 1000);</script><p></p>
Mar 14, 2025 08:23:24.511616945 CET	468	OUT	GET /favicon.ico HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:24.686572075 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 497 X-Ratelimit-Reset: 1741940604 Date: Fri, 14 Mar 2025 07:23:24 GMT Content-Length: 0
Mar 14, 2025 08:23:25.721240044 CET	607	OUT	GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:25.906162977 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 496 X-Ratelimit-Reset: 1741940604 Date: Fri, 14 Mar 2025 07:23:25 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 61 6c 69 69 73 75 72 66 2e 69 6e 66 6f 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - aliisurf.info </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none; }
Mar 14, 2025 08:23:25.906214952 CET	1236	IN	Data Raw: 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a Data Ascii: .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox News
Mar 14, 2025 08:23:25.906253099 CET	998	IN	Data Raw: 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 67 75 69 64 20 3d 20 67 75 69 64 45 6c 65 6d 65 6e 74 20 3f 20 67 75 69 64 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3a 20 22 23 22 3b 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElem
Mar 14, 2025 08:23:37.369050026 CET	545	OUT	GET / HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:37.543749094 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 495 X-Ratelimit-Reset: 1741940604 Date: Fri, 14 Mar 2025 07:23:37 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 61 6c 69 69 73 75 72 66 2e 69 6e 66 6f 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 21 3c [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - aliisurf.info</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id="su
Mar 14, 2025 08:23:37.543772936 CET	1236	IN	Data Raw: 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 62 6d 69 74 46 6f 72 6d 28 65 76 65 6e 74 29 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 65 6d 61 Data Ascii: bscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form> <a href="
Mar 14, 2025 08:23:37.543790102 CET	680	IN	Data Raw: 25 20 28 31 30 30 30 20 2a 0a 20 20 20 20 20 20 20 20 20 20 20 20 36 30 29 29 20 2f 20 31 30 30 30 29 3b 0a 0a 20 20 20 20 20 20 20 20 64 61 79 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 64 61 79 73 2e 74 6f 53 74 72 69 Data Ascii: % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2,
Mar 14, 2025 08:23:37.565819979 CET	366	OUT	GET /assets/styles.css HTTP/1.1 Host: 6ziv5.escortagencybangalore.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://6ziv5.escortagencybangalore.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 14, 2025 08:23:37.775954008 CET	1236	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 1435 Content-Type: text/css; charset=utf-8 Last-Modified: Mon, 10 Mar 2025 22:07:33 GMT Date: Fri, 14 Mar 2025 07:23:37 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 33 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 34 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 0a 20 20 20 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
Mar 14, 2025 08:23:37.775983095 CET	384	IN	Data Raw: 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 33 30 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
Mar 14, 2025 08:24:22.779782057 CET	6	OUT	Data Raw: 00 Data Ascii:

Target ID:	1
Start time:	03:23:12
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	03:23:15
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	12
Start time:	03:23:22
Start date:	14/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3816, Parent PID: 3784

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Windows Analysis Report
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre