
Windows Analysis Report
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12

Overview

General Information

Sample URL:http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
Analysis ID:1638118

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)

Classification

[Classification chart: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 3816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-14T08:23:24.516945+0100 | 2859624 | 1 | Exploit Kit Activity Detected | 185.246.87.22 | 80 | 192.168.2.6 | 49715 | TCP

Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: Number of links: 0
Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: Title: Coming Soon - aliisurf.info does not match URL
Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: Has password / email / username input fields
Source: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 | HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 | HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: No favicon
Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: No <meta name="author".. found
Source: http://6ziv5.escortagencybangalore.com/ | HTTP Parser: No <meta name="copyright".. found

Networking

Source: Network traffic | Suricata IDS: 2859624 - Severity 1 - ETPRO EXPLOIT_KIT FoxTDS Filtered Blacklisted : 185.246.87.22:80 -> 192.168.2.6:49715
Source: global traffic | TCP traffic: 192.168.2.6:60130 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 104.83.103.192
Source: unknown | TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /assets/styles.css HTTP/1.1
  Host: 6ziv5.escortagencybangalore.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://6ziv5.escortagencybangalore.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9

Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 6ziv5.escortagencybangalore.com
Source: global traffic | DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com

Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/plain; charset=utf-8
  X-Address: gin_throttle_mw_7200000000_8.46.123.189
  X-Ratelimit-Limit: 500
  X-Ratelimit-Remaining: 497
  X-Ratelimit-Reset: 1741940604
  Date: Fri, 14 Mar 2025 07:23:24 GMT
  Content-Length: 0

Source: chromecache_51.3.dr | String found in binary or memory: https://feeds.foxnews.com/foxnews/world
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir3816_554439401
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir3816_554439401
Source: classification engine | Classification label: mal48.win@22/10@23/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID: 1638118; URL: http://6ziv5.escortagencyba...; Startdate: 14/03/2025; Architecture: WINDOWS; Score: 48]

Source | Detection | Scanner | Label
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
http://6ziv5.escortagencybangalore.com/assets/styles.css | 0% | Avira URL Cloud | safe
http://6ziv5.escortagencybangalore.com/favicon.ico | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
j.sni.global.fastly.net | 151.101.2.132 | true | false |  | high
beacons-handoff.gcp.gvt2.com | 142.250.180.67 | true | false |  | high
6ziv5.escortagencybangalore.com | 185.246.87.22 | true | true |  | unknown
www.google.com | 142.250.186.36 | true | false |  | high
beacons.gvt2.com | 172.217.23.99 | true | false |  | high
beacons.gcp.gvt2.com | unknown | unknown | false |  | high
feeds.foxnews.com | unknown | unknown | false |  | high

Name | Malicious | Antivirus Detection | Reputation
http://6ziv5.escortagencybangalore.com/favicon.ico | true | Avira URL Cloud: safe | unknown
http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 | true |  | unknown
http://6ziv5.escortagencybangalore.com/assets/styles.css | true | Avira URL Cloud: safe | unknown
http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 | false |  | unknown
http://6ziv5.escortagencybangalore.com/ | false |  | unknown
http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 | false |  | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://feeds.foxnews.com/foxnews/world | chromecache_51.3.dr | false |  | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.246.87.22 | 6ziv5.escortagencybangalore.com | France | 21409 | IKOULAFR | true
142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
151.101.2.132 | j.sni.global.fastly.net | United States | 54113 | FASTLYUS | false

IP
192.168.2.6

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1638118
Start date and time:2025-03-14 08:22:22 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 19s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:16
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.win@22/10@23/4
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.142, 142.250.184.206, 64.233.167.84, 142.250.186.74, 142.250.186.106, 142.250.186.170, 216.58.206.42, 142.250.185.234, 142.250.185.138, 142.250.185.202, 142.250.185.170, 142.250.185.106, 142.250.184.202, 142.250.184.234, 142.250.181.234, 172.217.16.202, 142.250.186.138, 142.250.185.74, 142.250.186.42, 199.232.214.172, 142.250.181.227, 142.250.186.131, 142.250.186.46, 108.177.15.84
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text
Category:downloaded
Size (bytes):2874
Entropy (8bit):4.856445873463968
Encrypted:false
SSDEEP:48:ZWJJpI4LLIk6ddLHJy8A3SXUV/ot5CjsEn+yxw4Dj7jvj:S3LLIk6T9yvGssE5x7
MD5:BAEB13B43E808B57749030794B11A103
SHA1:94784F99A5E7E08F7AA805F01002AA0985458242
SHA-256:6408BDB269CAFA0A9E51003798ED45B5D172A4A1A64279ADDB332EE6EB97FF80
SHA-512:3125CF5AC0762BD6BC12A0F92FF02B47DE3ECFC7C1CDFBE1DF0A46CF6DD71873A92529D256E56F64D5A15185D40863B411DE5D4CC486E816357E4DFDD16937E6
Malicious:false
Reputation:low
URL:http://6ziv5.escortagencybangalore.com/
Preview:
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Coming Soon - aliisurf.info</title>

  <link rel="stylesheet" href="/assets/styles.css">

</head>
<body>
<div class="container">
  <h1>Our Website is Coming Soon!</h1>
  <p>We are working hard to give you the best experience. Stay tuned!</p>
  <div class="countdown">
    <div class="countdown-item">
      <span id="days">00</span>
      <label>Days</label>
    </div>
    <div class="countdown-item">
      <span id="hours">00</span>
      <label>Hours</label>
    </div>
    <div class="countdown-item">
      <span id="minutes">00</span>
      <label>Minutes</label>
    </div>
    <div class="countdown-item">
      <span id="seconds">00</span>
      <label>Seconds</label>
    </div>
  </div>

  <form id="subscription-form" onsubmit="s

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text
Category:downloaded
Size (bytes):235
Entropy (8bit):4.996687328840349
Encrypted:false
SSDEEP:6:HXQI4ySmfH1A7YmmBi7YmjA0VhM+yp7YmmJyR13YoVL:HXYknxJX0VM2xYwIL
MD5:41735C0E24BE1E5BD89C1F6531207494
SHA1:9EAE1BFA3B43E52C21E87FABCD63A4C2A3E55554
SHA-256:A594B117BC9C64745935F48B866C3CAA70CDED9C35EE02841A28277F3E75FFE3
SHA-512:2CE91960620061DE0C91383930CC83BA32CCAD82E75C6CF8678CCF907021EA8D2901B327AF67565593D765873FD7988AA533753A2B8E94E2FB38D71C3A3C787F
Malicious:false
Reputation:low
URL:http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
Preview:
<script>
var tarcking_param = window.location.href.split('#')[1];
if(!tarcking_param){
  document.location.href = document.location.href.replace("/rd/", "/t/");
}else{
  document.location.href = '/t/'+tarcking_param;
}
</script>
<p></p>

                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text
                          Category:downloaded
                          Size (bytes):1435
                          Entropy (8bit):4.7130828204283555
                          Encrypted:false
                          SSDEEP:24:UkvMuGRKe7+U6eSEMDSaGvMdufqGmnoSPfzS7pvMugQrYFv0CGSTYFUL9MtDY3Ss:Uk9w7x9sHGgufRNkz09fcFMCGJFUL9MO
                          MD5:1FB5EDFEA0AF10D301EFCD56738BA30A
                          SHA1:1AAC6EB08825AD63AC334CFF1F816CC9ECA71219
                          SHA-256:161D0961994DD86814FAFBA6EDD6FA7A75D17B19B2E60E1EE01ADAA9EA19DADC
                          SHA-512:A0C3F78B663E01D24DDD53AF6D0D1E3E9DD743C3E4CB6FC8F45588BCC37AB3923A2992505C4842D9E451692A7E7495155F58BFED056BCFE57E02204603F962DD
                          Malicious:false
                          Reputation:low
                          URL:http://6ziv5.escortagencybangalore.com/assets/styles.css
                          Preview:body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. background-color: #ffffff;. padding: 30px;. border-radius: 10px;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. text-align: center;.}..h1 {. font-size: 36px;. margin-bottom: 20px;. color: #333;.}..p {. font-size: 18px;. color: #777;. margin-bottom: 40px;.}...countdown {. display: flex;. justify-content: center;. margin-bottom: 40px;.}...countdown-item {. display: inline-block;. margin: 0 10px;.}...countdown-item span {. font-size: 24px;. color: #444;.}...countdown-item label {. display: block;. font-size: 14px;. color: #999;.}..form {. display: flex;. justify-content: center;. align-items: center;. flex-direction: column;.}..input[type="email"] {. font-size: 16px;. padding: 10px;. border: 1px sol
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text
                          Category:downloaded
                          Size (bytes):3192
                          Entropy (8bit):4.575541227665154
                          Encrypted:false
                          SSDEEP:48:vurC1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vu21Yd6ygx4cA2
                          MD5:FEC9445092E905D0605BAB3B2118493D
                          SHA1:B0396E4E029F82FDBB34774C2A846FC6430BB79B
                          SHA-256:707DA433196FE9BC1865F3A87526BF07E508AC3BD1209F44A781D4A9B40CF3CF
                          SHA-512:C4223B39873B4C725FA72F1EC3B1FA665B2D0BC24F5D53535459061787894F17C963EEE72739FA86BBEC20768A3F2B942E036BF8914F0142BA09F825B4A3C962
                          Malicious:false
                          Reputation:low
                          URL:http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
                          Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - aliisurf.info </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:hover
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text
                          Category:downloaded
                          Size (bytes):210
                          Entropy (8bit):5.098105294030167
                          Encrypted:false
                          SSDEEP:6:uIRnXHFmmmJ0S2IcENFJKSK/xIcEo/VMCGYoVL:lXHAx6S2SRcJ9IL
                          MD5:05DA576EB71641B10811A1AEF60A853D
                          SHA1:5E7C7F426430C30209FE270AB129A9C0100BDEE9
                          SHA-256:58B98E11D36F9689D4AF3C1CB3755528817709300FACF6D314C99CE91BD90B4B
                          SHA-512:2DAC5452E42E24043F512741B01E08CDEE464771A13C2D38D3F9958F75FCEA079F67A7B704AC6753C0BAB02DFDDD434AE7024D4674E3A532A70D50C5D6A72937
                          Malicious:false
                          Reputation:low
                          URL:http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
                          Preview:<script>.setTimeout(function(){. window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; . console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');.}, 1000);.</script>.<p></p>.
                          No static file info


                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                          2025-03-14T08:23:24.516945+0100 | 2859624 | ETPRO EXPLOIT_KIT FoxTDS Filtered Blacklisted | 1 | 185.246.87.22 | 80 | 192.168.2.6 | 49715 | TCP
                          • Total Packets: 157
                          • 443 (HTTPS)
                          • 80 (HTTP)
                          • 53 (DNS)
                          Mar 14, 2025 08:24:41.967799902 CET5048953192.168.2.61.1.1.1
                          Mar 14, 2025 08:24:41.975105047 CET53504891.1.1.1192.168.2.6
                          Mar 14, 2025 08:24:42.967880011 CET5048953192.168.2.61.1.1.1
                          Mar 14, 2025 08:24:42.975781918 CET53504891.1.1.1192.168.2.6
                          Timestamp  Source IP  Dest IP  Checksum  Code  Type
                          Mar 14, 2025 08:23:23.519201994 CET  192.168.2.6  1.1.1.1  c235  (Port unreachable)  Destination Unreachable
                          • 6ziv5.escortagencybangalore.com
                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                          0  192.168.2.6  49715  185.246.87.22  80  748  C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp  Bytes transferred  Direction  Data
                          Mar 14, 2025 08:23:23.925493956 CET  509  OUT  GET /rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:24.132869959 CET  487  IN  HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_8.46.123.189
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 499
                          X-Ratelimit-Reset: 1741940604
                          Date: Fri, 14 Mar 2025 07:23:24 GMT
                          Content-Length: 235
                          Data Ascii: <script>var tarcking_param = window.location.href.split('#')[1];if(!tarcking_param){document.location.href = document.location.href.replace("/rd/", "/t/");}else{document.location.href = '/t/'+tarcking_param;}</script><p></p>
                          Mar 14, 2025 08:23:24.179873943 CET  621  OUT  GET /t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12 HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Referer: http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:24.452235937 CET  462  IN  HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_8.46.123.189
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 498
                          X-Ratelimit-Reset: 1741940604
                          Date: Fri, 14 Mar 2025 07:23:24 GMT
                          Content-Length: 210
                          Data Ascii: <script>setTimeout(function(){ window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');}, 1000);</script><p></p>
                          Mar 14, 2025 08:23:24.511616945 CET  468  OUT  GET /favicon.ico HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:24.686572075 CET  258  IN  HTTP/1.1 404 Not Found
                          Content-Type: text/plain; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_8.46.123.189
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 497
                          X-Ratelimit-Reset: 1741940604
                          Date: Fri, 14 Mar 2025 07:23:24 GMT
                          Content-Length: 0
                          Mar 14, 2025 08:23:25.721240044 CET  607  OUT  GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Referer: http://6ziv5.escortagencybangalore.com/t/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:25.906162977 CET  1236  IN  HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_8.46.123.189
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 496
                          X-Ratelimit-Reset: 1741940604
                          Date: Fri, 14 Mar 2025 07:23:25 GMT
                          Transfer-Encoding: chunked
                          Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - aliisurf.info </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none; }
                          Mar 14, 2025 08:23:25.906214952 CET  1236  IN
                          Data Ascii: .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox News
                          Mar 14, 2025 08:23:25.906253099 CET  998  IN
                          Data Ascii: ; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElem
                          Mar 14, 2025 08:23:37.369050026 CET  545  OUT  GET / HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Referer: http://6ziv5.escortagencybangalore.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:37.543749094 CET  1236  IN  HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_8.46.123.189
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 495
                          X-Ratelimit-Reset: 1741940604
                          Date: Fri, 14 Mar 2025 07:23:37 GMT
                          Transfer-Encoding: chunked
                          Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - aliisurf.info</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id="su
                          Mar 14, 2025 08:23:37.543772936 CET  1236  IN
                          Data Ascii: bscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form> <a href="
                          Mar 14, 2025 08:23:37.543790102 CET  680  IN
                          Data Ascii: % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2,
                          Mar 14, 2025 08:23:37.565819979 CET  366  OUT  GET /assets/styles.css HTTP/1.1
                          Host: 6ziv5.escortagencybangalore.com
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/css,*/*;q=0.1
                          Referer: http://6ziv5.escortagencybangalore.com/
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 14, 2025 08:23:37.775954008 CET  1236  IN  HTTP/1.1 200 OK
                          Accept-Ranges: bytes
                          Content-Length: 1435
                          Content-Type: text/css; charset=utf-8
                          Last-Modified: Mon, 10 Mar 2025 22:07:33 GMT
                          Date: Fri, 14 Mar 2025 07:23:37 GMT
                          Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
                          Mar 14, 2025 08:23:37.775983095 CET  384  IN
                          Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
                          Mar 14, 2025 08:24:22.779782057 CET  6  OUT  Data Raw: 00
                          Data Ascii:


                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                          1  192.168.2.6  49716  185.246.87.22  80  748  C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp  Bytes transferred  Direction  Data
                          Mar 14, 2025 08:24:08.513698101 CET  6  OUT  Data Raw: 00
                          Data Ascii:


                          Target ID:1
                          Start time:03:23:12
                          Start date:14/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Imagebase:0x7ff63b000000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:3
                          Start time:03:23:15
                          Start date:14/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2156,i,14519798981091135096,4749171069749786451,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
                          Imagebase:0x7ff63b000000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:12
                          Start time:03:23:22
                          Start date:14/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6ziv5.escortagencybangalore.com/rd/4IMxhQ4645tIMt85vcjvrjbito246VNJQRKRLOLTJBDI7792FQXV17397G12"
                          Imagebase:0x7ff63b000000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          No disassembly