Edit tour

Windows Analysis Report
https://bhy.srl.mybluehost.me/SBB/index/

Overview

General Information

Sample URL:	https://bhy.srl.mybluehost.me/SBB/index/
Analysis ID:	1521186
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1936,i,10146357521803993831,7334041318173328090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://bhy.srl.mybluehost.me/SBB/index/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Multi AV Scanner detection for submitted file

Source: https://bhy.srl.mybluehost.me/SBB/index/

Virustotal: Detection: 13%

Perma Link

Source: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51343 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:51336 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Source: global traffic	HTTP traffic detected: GET /SBB/index/ HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/suspended.css HTTP/1.1Host: bluehost-cdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bhy.srl.mybluehost.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1Host: bluehost-cdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgiAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1Host: bluehost-cdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgiAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: bhy.srl.mybluehost.me
Source: global traffic	DNS traffic detected: DNS query: bluehost-cdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_113.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51342
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51343
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51340
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51338
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:51343 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@21/12@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1936,i,10146357521803993831,7334041318173328090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1936,i,10146357521803993831,7334041318173328090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bhy.srl.mybluehost.me/SBB/index/	14%	Virustotal		Browse
https://bhy.srl.mybluehost.me/SBB/index/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bhy.srl.mybluehost.me	50.6.153.168	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
bluehost-cdn.com	34.233.140.183	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.205.0	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://bhy.srl.mybluehost.me/SBB/index/	true	unknown
https://bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css	false	unknown
https://bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png	false	unknown
https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi	false	unknown
https://bhy.srl.mybluehost.me/favicon.ico	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
34.233.140.183	bluehost-cdn.com	United States	14618	AMAZON-AESUS	false
50.6.153.168	bhy.srl.mybluehost.me	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.216.86.236	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521186
Start date and time:	2024-09-28 05:39:22 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bhy.srl.mybluehost.me/SBB/index/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@21/12@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.46, 64.233.184.84, 34.104.35.123, 142.250.185.195, 142.250.185.234, 4.175.87.197, 192.229.221.95, 199.232.210.172, 13.85.23.206, 13.95.31.18, 142.250.184.227, 93.184.221.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Model: jbxai	{ "brand":["Bluehost"], "contains_trigger_text":true, "trigger_text":"Please contact our support team for further assistance.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Model: jbxai

{
"brand":["Bluehost"],
"contains_trigger_text":true,
"trigger_text":"Please contact our support team for further assistance.",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	946
Entropy (8bit):	4.810938905259325
Encrypted:	false
SSDEEP:	12:hYUy7G2CnddWNWprzaSbZBEdYXg2y/iEftCxRxwHEV7FzVKiw/7WoQL:hYUCZC3WNIbZyOXXyKEMRxUg8dQ
MD5:	624B88AEE8E0DE419722288D2978F917
SHA1:	5E2AB4F6E167B86F3C824080381E5656EED0C2FE
SHA-256:	B4537CCF6B54E753C4D82946E5733C45C28AED807744495935C7357F53A702A9
SHA-512:	E6F62FB6D96118B275D0B0867E5F6C04601E1047AF1F0814E3235339BB30D15433D7624F52B08E76933958CE17AB61C75D683BF77D177B3FE002B56898AF6E30
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css">. <link rel="preconnect" href="//fonts.gstatic.com">. <link href="//fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap" rel="stylesheet">. </head>. <body>. <div>. <img class="suspend-photo" src="//bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png" alt="Account suspended photo">. <h2 class="suspend-text">Account Suspended!</h2>. <p class="contact-support">Please contact our support team for further assistance.</p>. <p class="questions">*If you.re the owner of this website and have questions, reach out to Bluehost. We.re happy to help.</p>. </div>. </body>.</html>.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1430 x 982, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	43201
Entropy (8bit):	7.659124990561904
Encrypted:	false
SSDEEP:	768:LugxQTPvEE/wt7V88rsJDyE+w04UgOHX0voOdejIU0MKADQzR+Ra:LSDcewB5r8DyEs4XO30voOeZDU84
MD5:	495826852EE860B53716AEEDFCAD9F75
SHA1:	6FF9EEF566AA5BFE11749B37E16C1F24941633CC
SHA-256:	A9119A330A2C1F636051FC96E31AF730D7BD096D358D7AD1681AC3770630F4A8
SHA-512:	8A6DEE67E925081690D085DC789E7142F33F8C131323A3C067F46C0E2C913EF6651AC64EE61067C6E678FCBAF0FFA91F4BC6CE814F3050647D2736E63609A326
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............s..Q....IDATx...Q.. .......k.z.P...}.......'......,..e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ...............T......e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... .............$........e......2.....b.............b.............X.....@,..... ............. ..............e......2.....b.............b.............X.....@,..... .S..... ..............e......2.....b.......2.....b.............X.....@,..... ......@,..... ..............e......2.....b.......2.....b.............X.....@,......@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............XN......X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.......

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	946
Entropy (8bit):	4.810938905259325
Encrypted:	false
SSDEEP:	12:hYUy7G2CnddWNWprzaSbZBEdYXg2y/iEftCxRxwHEV7FzVKiw/7WoQL:hYUCZC3WNIbZyOXXyKEMRxUg8dQ
MD5:	624B88AEE8E0DE419722288D2978F917
SHA1:	5E2AB4F6E167B86F3C824080381E5656EED0C2FE
SHA-256:	B4537CCF6B54E753C4D82946E5733C45C28AED807744495935C7357F53A702A9
SHA-512:	E6F62FB6D96118B275D0B0867E5F6C04601E1047AF1F0814E3235339BB30D15433D7624F52B08E76933958CE17AB61C75D683BF77D177B3FE002B56898AF6E30
Malicious:	false
Reputation:	low
URL:	https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css">. <link rel="preconnect" href="//fonts.gstatic.com">. <link href="//fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap" rel="stylesheet">. </head>. <body>. <div>. <img class="suspend-photo" src="//bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png" alt="Account suspended photo">. <h2 class="suspend-text">Account Suspended!</h2>. <p class="contact-support">Please contact our support team for further assistance.</p>. <p class="questions">*If you.re the owner of this website and have questions, reach out to Bluehost. We.re happy to help.</p>. </div>. </body>.</html>.

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1430 x 982, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	43201
Entropy (8bit):	7.659124990561904
Encrypted:	false
SSDEEP:	768:LugxQTPvEE/wt7V88rsJDyE+w04UgOHX0voOdejIU0MKADQzR+Ra:LSDcewB5r8DyEs4XO30voOeZDU84
MD5:	495826852EE860B53716AEEDFCAD9F75
SHA1:	6FF9EEF566AA5BFE11749B37E16C1F24941633CC
SHA-256:	A9119A330A2C1F636051FC96E31AF730D7BD096D358D7AD1681AC3770630F4A8
SHA-512:	8A6DEE67E925081690D085DC789E7142F33F8C131323A3C067F46C0E2C913EF6651AC64EE61067C6E678FCBAF0FFA91F4BC6CE814F3050647D2736E63609A326
Malicious:	false
Reputation:	low
URL:	https://bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png
Preview:	.PNG........IHDR.............s..Q....IDATx...Q.. .......k.z.P...}.......'......,..e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ...............T......e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... .............$........e......2.....b.............b.............X.....@,..... ............. ..............e......2.....b.............b.............X.....@,..... .S..... ..............e......2.....b.......2.....b.............X.....@,..... ......@,..... ..............e......2.....b.......2.....b.............X.....@,......@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............XN......X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.......

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	11634
Entropy (8bit):	5.3577118756441005
Encrypted:	false
SSDEEP:	192:f/Pz+qSc6uy9rbqGIwYGV1pi/KWbqXV6uyErbqGIwYjc1Yf:nb8q9DaHq9N
MD5:	D404D8BE119B0C778116319D1B9FE734
SHA1:	C62A27A948F601BF3781EBEBD5049FF6AB89593D
SHA-256:	8BD8A746EFD5972536245F2F2C6E4213360405BE048112EE66E3A2612EDB43BF
SHA-512:	5C7BD037730E92BAE8ABE6DA9C327AF4612C9DEFFBEE64C373CB71F458BB9B9D302FB515A8523A3BA82EAE5BA5385B453CF641CA172FF6B5F4473EC38AC25C9C
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	955
Entropy (8bit):	4.875299756989579
Encrypted:	false
SSDEEP:	24:SF68pSAzxYRGvyOSejw0GvOcw0O8BDcZA:SFPSU6GvyOS8GvnOwDQA
MD5:	6AC12DE9CA46F24A05A01C7BA24C40DC
SHA1:	27F9E7A53436525AFF12B1A1E4FB6486DCDE8A08
SHA-256:	33FB84F9CC077193B201B1BBFFC3F98AF428A915202E911ACF56BC822834B4D4
SHA-512:	F94034D5A53D2DE17ED903A761CBCF39F133D43F0A7690351FA917709B29B7E5190FA06F58974A7491C65D71C717C9CC958C5AB1DBD1EB32F92401CAC01F4EC3
Malicious:	false
Reputation:	low
URL:	https://bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css
Preview:	.suspend-photo {. background: transparent url('bh-beback-soon.png') no-repeat;. background: center;. width: 100%;. height: 100%;. opacity: 1;.}..suspend-text {. position: absolute;. font-size: 36px;. top: 370px;. margin-left: 10px;. color: #5C5C5C;. opacity: 1;. font-weight: 200;. font-family: 'Open Sans', sans-serif;.}..contact-support {. position: absolute;. font-size: 16px;. text-align: center;. top: 450px;. margin-left: 10px;. color: #5B5B5B;. font-family: 'Open Sans', sans-serif;.}..questions {. text-align: center;. color: #5B5B5B;. font-family: 'Open Sans', sans-serif;. font-size: 15px;.}.@media (max-width: 600px) {. .suspend-text {. font-size: 1.0em;. top: 60px;. }. .contact-support {. font-size: 14px;. top: 85px;. }.}.@media (min-width: 768px) and (max-width: 1024px) {. .suspend-text {. font-size: 1.25em;. top: 200px;. }. .contact-support {. font-size: 15px;. top: 245px;. }.}.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:40:08.675579071 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:08.675579071 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:09.003735065 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:15.534790039 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:15.534883022 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:15.534965038 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:15.536226988 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:15.536262989 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.325093985 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.325257063 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.327316999 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.327337027 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.327595949 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.329039097 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.329098940 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.329104900 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.329210043 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.375401020 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.505609035 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.505691051 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.505773067 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.507169008 CEST	49711	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.507190943 CEST	443	49711	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.983061075 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.983104944 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:16.983172894 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.983822107 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:16.983835936 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:17.849430084 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:17.849522114 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:17.911287069 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:17.911320925 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:17.911736012 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.060646057 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:18.060762882 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:18.060775042 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.060937881 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:18.107397079 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.138259888 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.138312101 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.138569117 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.138720989 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.138760090 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.138803959 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.139420033 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.139440060 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.139442921 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.139452934 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.231064081 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.231157064 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.231230974 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:18.231405020 CEST	49715	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:18.231425047 CEST	443	49715	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:18.286748886 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:18.441344976 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:18.633842945 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.636269093 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.639683962 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.639710903 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.639764071 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.639799118 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.640594006 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.640748024 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.640815973 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.640818119 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.641860008 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.641895056 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.641917944 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.641959906 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.642096996 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.642103910 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.771320105 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.771548033 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.771989107 CEST	49718	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.772006989 CEST	443	49718	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.773792028 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.773829937 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.792048931 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:18.838330984 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.902262926 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.913518906 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:18.914236069 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.915139914 CEST	49719	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:18.915158987 CEST	443	49719	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:19.137978077 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138005972 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.138067961 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138118982 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138153076 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.138221025 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138360977 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138374090 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.138499975 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.138509989 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.705745935 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.707958937 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.708628893 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.708647013 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.709132910 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.709141970 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.709562063 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.709625959 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.710558891 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.710623026 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.711802959 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.711863041 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.712162018 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.712172985 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.712323904 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.712403059 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.712466955 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.712471962 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:19.754340887 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:19.754343033 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.047225952 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.047319889 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.047362089 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.053360939 CEST	49722	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.053378105 CEST	443	49722	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.189889908 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.189920902 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.189929962 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.189948082 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.189981937 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.190011978 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.190022945 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.190036058 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.190057993 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.190138102 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.191107988 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.191129923 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.191181898 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.191189051 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.191215038 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.191234112 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.192121029 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.192195892 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.192199945 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.192212105 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:20.192244053 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.192265987 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.282871962 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 28, 2024 05:40:20.282989979 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 28, 2024 05:40:20.697573900 CEST	49723	443	192.168.2.6	34.233.140.183
Sep 28, 2024 05:40:20.697618961 CEST	443	49723	34.233.140.183	192.168.2.6
Sep 28, 2024 05:40:21.680416107 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:21.680464983 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:21.680562973 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:21.681910038 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:21.681931019 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:21.682068110 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:21.735578060 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:21.735578060 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:21.735593081 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:21.735604048 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.160408020 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.160439968 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:22.164457083 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.167877913 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.167891026 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:22.232451916 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.232513905 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.236566067 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.237066031 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.237083912 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.243429899 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.244735956 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.244760036 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.245146990 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.264863968 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.264863968 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.265033960 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.316468954 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.372203112 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:22.372817993 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:22.372834921 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:22.373871088 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:22.373965979 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:22.383304119 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.383371115 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.383848906 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.383862972 CEST	443	49727	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.383889914 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.384021997 CEST	49727	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.759902954 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:22.760019064 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:22.766391993 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.766431093 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.766484976 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.766836882 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:22.766846895 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:22.811176062 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:22.811275959 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.814445972 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:22.814465046 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:22.852005005 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.861234903 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:22.892544031 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.894172907 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.894195080 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:22.894427061 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.894438982 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.894578934 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:22.895601034 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.895615101 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.895669937 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.901096106 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.901177883 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.904484987 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:22.904506922 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:22.940948963 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:22.949873924 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.173121929 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.219393969 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.342180967 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.343061924 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.343092918 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.343538046 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.344118118 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.344187975 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.345036983 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.358566999 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.358678102 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.358755112 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.372812986 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.372833014 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.372843981 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.372850895 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.387407064 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.398228884 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398252010 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398257971 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398284912 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398294926 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398305893 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398310900 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.398343086 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.398355961 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.398386002 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.399241924 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.399254084 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.399279118 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.399302959 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.399311066 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.399343014 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.399353981 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.400152922 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.400177956 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.400207996 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.400213957 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.400223970 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.400249004 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.400274992 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.401761055 CEST	49730	443	192.168.2.6	18.216.86.236
Sep 28, 2024 05:40:23.401772976 CEST	443	49730	18.216.86.236	192.168.2.6
Sep 28, 2024 05:40:23.427720070 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.427778006 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.427843094 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.428705931 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:23.428723097 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:23.492592096 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.492693901 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.492736101 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.529732943 CEST	49731	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.529752970 CEST	443	49731	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.607306957 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.607355118 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:23.607798100 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.623331070 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:23.623351097 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.071703911 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.071788073 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.077343941 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.077358007 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.077723026 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.078819990 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.111505985 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.111886978 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.111917019 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.112858057 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.112929106 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.113354921 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.113413095 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.113708973 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.113718987 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.123400927 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.158339024 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.262545109 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.262664080 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.262725115 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.263603926 CEST	49733	443	192.168.2.6	50.6.153.168
Sep 28, 2024 05:40:24.263624907 CEST	443	49733	50.6.153.168	192.168.2.6
Sep 28, 2024 05:40:24.350461006 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.350534916 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.350830078 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.351520061 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.351547956 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:24.351558924 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 28, 2024 05:40:24.351564884 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 28, 2024 05:40:25.651639938 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:25.651696920 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:25.651901960 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:25.652596951 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:25.652605057 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.432080030 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.432161093 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.434081078 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.434092999 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.434452057 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.436373949 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.436465979 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.436470985 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.436609983 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.483397961 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.606426954 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.606523991 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:26.606623888 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.606899023 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:26.606915951 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.083796024 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.083844900 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.083928108 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.084582090 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.084594011 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.886296034 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.887293100 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.901462078 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.901480913 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.901741028 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.915507078 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.916018963 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.916019917 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:28.916038036 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:28.963404894 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:29.089977980 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:29.090059996 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:29.090253115 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:29.090636015 CEST	49735	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:29.090653896 CEST	443	49735	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:32.287688017 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:32.287746906 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:32.287794113 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:33.192051888 CEST	49728	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:40:33.192086935 CEST	443	49728	142.250.185.68	192.168.2.6
Sep 28, 2024 05:40:39.277880907 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:39.277925014 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:39.278012037 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:39.278693914 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:39.278708935 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.056238890 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.056310892 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.060096025 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.060106993 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.060343981 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.062243938 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.062308073 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.062314034 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.062470913 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.107407093 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.232736111 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.232801914 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:40.232850075 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.233095884 CEST	49740	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:40.233114958 CEST	443	49740	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:48.226006031 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:48.226099968 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:48.226205111 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:48.227070093 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:48.227092028 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.029234886 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.029330015 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.041011095 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.041032076 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.041309118 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.043270111 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.043695927 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.043700933 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.044574976 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.087423086 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.221770048 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.221851110 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:49.221908092 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.222616911 CEST	49741	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:40:49.222636938 CEST	443	49741	40.113.103.199	192.168.2.6
Sep 28, 2024 05:40:59.171519041 CEST	51336	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:59.176474094 CEST	53	51336	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:59.177228928 CEST	51336	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:59.185086966 CEST	51336	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:59.190004110 CEST	53	51336	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:59.640913010 CEST	53	51336	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:59.644428968 CEST	51336	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:59.649606943 CEST	53	51336	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:59.649666071 CEST	51336	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:41:01.794034958 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:01.794086933 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:01.794167995 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:01.794701099 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:01.794714928 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.707199097 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.707283020 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.709441900 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.709455013 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.709660053 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.711612940 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.711679935 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.711683989 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.711801052 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.759397984 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.912791967 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.912873030 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.913223028 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.914026976 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:02.914043903 CEST	443	51338	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:02.914053917 CEST	51338	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:16.274492979 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:16.274548054 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:16.274785995 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:16.275639057 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:16.275649071 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.053368092 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.053456068 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.055850983 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.055864096 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.056068897 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.057344913 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.057668924 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.057674885 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.057806969 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.099410057 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.231508970 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.231589079 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:17.231648922 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.231920958 CEST	51340	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:17.231940985 CEST	443	51340	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:21.386868000 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:21.386945009 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:21.387027979 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:21.387295961 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:21.387315989 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:22.013212919 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:22.014122009 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:22.014156103 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:22.014550924 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:22.015130043 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:22.015199900 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:22.066065073 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:26.093808889 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.093879938 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.094054937 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.094866991 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.094894886 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.872775078 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.872853041 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.875057936 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.875082016 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.875452042 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.877487898 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.877574921 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.877587080 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:26.877720118 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:26.919414997 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:27.047106981 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:27.047272921 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:27.047342062 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:27.047591925 CEST	51343	443	192.168.2.6	40.113.103.199
Sep 28, 2024 05:41:27.047619104 CEST	443	51343	40.113.103.199	192.168.2.6
Sep 28, 2024 05:41:31.920802116 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:31.920922995 CEST	443	51342	142.250.185.68	192.168.2.6
Sep 28, 2024 05:41:31.920972109 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:33.193180084 CEST	51342	443	192.168.2.6	142.250.185.68
Sep 28, 2024 05:41:33.193228006 CEST	443	51342	142.250.185.68	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:40:16.862571955 CEST	53	52126	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:16.970218897 CEST	53	50166	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:18.104080915 CEST	53	54467	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:18.125308990 CEST	55267	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:18.125689983 CEST	56640	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:18.136663914 CEST	53	56640	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:18.137362003 CEST	53	55267	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:18.958044052 CEST	63164	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:18.958290100 CEST	54688	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:18.966896057 CEST	53	54688	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:18.967031002 CEST	53	51734	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:19.137440920 CEST	53	63164	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:21.510205984 CEST	53325	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:21.510273933 CEST	63196	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:21.516901970 CEST	53	63196	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:21.517069101 CEST	53	53325	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:22.197237015 CEST	49259	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:22.197237015 CEST	49670	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:22.204163074 CEST	53	49670	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:22.210205078 CEST	53	49259	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:23.568275928 CEST	58433	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:23.568556070 CEST	56839	53	192.168.2.6	1.1.1.1
Sep 28, 2024 05:40:23.579605103 CEST	53	58433	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:23.751332998 CEST	53	56839	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:35.040843964 CEST	53	64763	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:54.105041027 CEST	53	58632	1.1.1.1	192.168.2.6
Sep 28, 2024 05:40:59.170793056 CEST	53	60081	1.1.1.1	192.168.2.6
Sep 28, 2024 05:41:16.623414993 CEST	53	52564	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 05:40:23.751439095 CEST	192.168.2.6	1.1.1.1	c22e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 05:40:18.125308990 CEST	192.168.2.6	1.1.1.1	0x9e01	Standard query (0)	bhy.srl.mybluehost.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:18.125689983 CEST	192.168.2.6	1.1.1.1	0x5f55	Standard query (0)	bhy.srl.mybluehost.me	65	IN (0x0001)	false
Sep 28, 2024 05:40:18.958044052 CEST	192.168.2.6	1.1.1.1	0x8cf2	Standard query (0)	bluehost-cdn.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:18.958290100 CEST	192.168.2.6	1.1.1.1	0x5a38	Standard query (0)	bluehost-cdn.com	65	IN (0x0001)	false
Sep 28, 2024 05:40:21.510205984 CEST	192.168.2.6	1.1.1.1	0xf7da	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:21.510273933 CEST	192.168.2.6	1.1.1.1	0x567d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 05:40:22.197237015 CEST	192.168.2.6	1.1.1.1	0x4f86	Standard query (0)	bluehost-cdn.com	65	IN (0x0001)	false
Sep 28, 2024 05:40:22.197237015 CEST	192.168.2.6	1.1.1.1	0x428e	Standard query (0)	bluehost-cdn.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:23.568275928 CEST	192.168.2.6	1.1.1.1	0xce7a	Standard query (0)	bhy.srl.mybluehost.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:23.568556070 CEST	192.168.2.6	1.1.1.1	0x4ac6	Standard query (0)	bhy.srl.mybluehost.me	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 05:40:18.137362003 CEST	1.1.1.1	192.168.2.6	0x9e01	No error (0)	bhy.srl.mybluehost.me		50.6.153.168	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:19.137440920 CEST	1.1.1.1	192.168.2.6	0x8cf2	No error (0)	bluehost-cdn.com		34.233.140.183	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:19.137440920 CEST	1.1.1.1	192.168.2.6	0x8cf2	No error (0)	bluehost-cdn.com		52.52.57.238	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:19.137440920 CEST	1.1.1.1	192.168.2.6	0x8cf2	No error (0)	bluehost-cdn.com		52.29.153.112	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:19.137440920 CEST	1.1.1.1	192.168.2.6	0x8cf2	No error (0)	bluehost-cdn.com		18.216.86.236	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:21.516901970 CEST	1.1.1.1	192.168.2.6	0x567d	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 05:40:21.517069101 CEST	1.1.1.1	192.168.2.6	0xf7da	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:22.204163074 CEST	1.1.1.1	192.168.2.6	0x428e	No error (0)	bluehost-cdn.com		18.216.86.236	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:22.204163074 CEST	1.1.1.1	192.168.2.6	0x428e	No error (0)	bluehost-cdn.com		52.29.153.112	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:22.204163074 CEST	1.1.1.1	192.168.2.6	0x428e	No error (0)	bluehost-cdn.com		52.52.57.238	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:22.204163074 CEST	1.1.1.1	192.168.2.6	0x428e	No error (0)	bluehost-cdn.com		34.233.140.183	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:23.579605103 CEST	1.1.1.1	192.168.2.6	0xce7a	No error (0)	bhy.srl.mybluehost.me		50.6.153.168	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:29.413964987 CEST	1.1.1.1	192.168.2.6	0x37db	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:40:29.413964987 CEST	1.1.1.1	192.168.2.6	0x37db	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:30.895304918 CEST	1.1.1.1	192.168.2.6	0x9c98	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:30.895304918 CEST	1.1.1.1	192.168.2.6	0x9c98	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:40:43.806272030 CEST	1.1.1.1	192.168.2.6	0x79d4	No error (0)	windowsupdatebg.s.llnwi.net		87.248.205.0	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bhy.srl.mybluehost.me

https:

bluehost-cdn.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49710	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 58 77 50 31 67 42 6d 2b 48 30 2b 33 46 66 68 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 35 61 35 61 31 36 35 61 63 35 30 38 34 65 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: XwP1gBm+H0+3FfhN.1Context: e5a5a165ac5084e9
2024-09-28 03:40:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 58 77 50 31 67 42 6d 2b 48 30 2b 33 46 66 68 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 35 61 35 61 31 36 35 61 63 35 30 38 34 65 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: XwP1gBm+H0+3FfhN.2Context: e5a5a165ac5084e9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:06 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 58 77 50 31 67 42 6d 2b 48 30 2b 33 46 66 68 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 35 61 35 61 31 36 35 61 63 35 30 38 34 65 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: XwP1gBm+H0+3FfhN.3Context: e5a5a165ac5084e9
2024-09-28 03:40:06 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:06 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 6d 44 48 62 68 77 48 76 55 71 54 7a 6a 4e 65 32 31 51 54 55 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ZmDHbhwHvUqTzjNe21QTUg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49711	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 78 78 78 7a 64 4d 51 67 6b 71 65 4f 53 73 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 38 32 36 33 34 36 62 61 33 37 30 32 62 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: SxxxzdMQgkqeOSsL.1Context: 10826346ba3702be
2024-09-28 03:40:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 78 78 78 7a 64 4d 51 67 6b 71 65 4f 53 73 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 38 32 36 33 34 36 62 61 33 37 30 32 62 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: SxxxzdMQgkqeOSsL.2Context: 10826346ba3702be<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:16 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 53 78 78 78 7a 64 4d 51 67 6b 71 65 4f 53 73 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 38 32 36 33 34 36 62 61 33 37 30 32 62 65 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: SxxxzdMQgkqeOSsL.3Context: 10826346ba3702be
2024-09-28 03:40:16 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:16 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 69 6d 6e 2b 66 4d 74 46 30 65 30 42 63 53 6e 43 71 45 36 72 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: pimn+fMtF0e0BcSnCqE6rg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49715	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 38 57 48 2b 34 39 67 30 30 65 7a 6a 2f 6c 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 63 63 62 66 38 30 61 64 61 65 62 33 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: k8WH+49g00ezj/lv.1Context: 3f7ccbf80adaeb3a
2024-09-28 03:40:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:18 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6b 38 57 48 2b 34 39 67 30 30 65 7a 6a 2f 6c 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 63 63 62 66 38 30 61 64 61 65 62 33 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: k8WH+49g00ezj/lv.2Context: 3f7ccbf80adaeb3a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:18 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 38 57 48 2b 34 39 67 30 30 65 7a 6a 2f 6c 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 63 63 62 66 38 30 61 64 61 65 62 33 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: k8WH+49g00ezj/lv.3Context: 3f7ccbf80adaeb3a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:40:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 54 71 43 44 32 67 76 4b 55 65 4d 4b 64 55 2b 64 4a 34 71 75 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: nTqCD2gvKUeMKdU+dJ4quA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49718	50.6.153.168	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:18 UTC	674	OUT	GET /SBB/index/ HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:18 UTC	227	IN	HTTP/1.1 302 Found Date: Sat, 28 Sep 2024 03:40:18 GMT Server: Apache Location: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Content-Length: 239 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-28 03:40:18 UTC	239	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 68 79 2e 73 72 6c 2e 6d 79 62 6c 75 65 68 6f 73 74 2e 6d 65 2f 63 67 69 2d 73 79 73 2f 73 75 73 70 65 6e 64 65 64 70 61 67 65 2e 63 67 69 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49719	50.6.153.168	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:18 UTC	689	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:18 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:40:18 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:40:18 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:40:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49722	34.233.140.183	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:19 UTC	581	OUT	GET /media/user/suspended_account/_bh/suspended.css HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://bhy.srl.mybluehost.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:20 UTC	404	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:40:19 GMT Content-Type: text/css Content-Length: 955 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 09 Jul 2024 15:33:34 GMT ETag: "3bb-61cd240b71794" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:40:19 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:40:20 UTC	955	IN	Data Raw: 2e 73 75 73 70 65 6e 64 2d 70 68 6f 74 6f 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 20 75 72 6c 28 27 62 68 2d 62 65 62 61 63 6b 2d 73 6f 6f 6e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 63 65 6e 74 65 72 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 7d 0a 2e 73 75 73 70 65 6e 64 2d 74 65 78 74 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 36 70 78 3b 0a 20 20 74 6f 70 3a 20 33 37 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 35 43 35 43 Data Ascii: .suspend-photo { background: transparent url('bh-beback-soon.png') no-repeat; background: center; width: 100%; height: 100%; opacity: 1;}.suspend-text { position: absolute; font-size: 36px; top: 370px; margin-left: 10px; color: #5C5C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	34.233.140.183	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:19 UTC	629	OUT	GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:20 UTC	385	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:40:19 GMT Content-Type: image/png Content-Length: 43201 Connection: close Last-Modified: Tue, 30 Mar 2021 21:51:54 GMT ETag: "a8c1-5bec801a6d280" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:40:19 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:40:20 UTC	15999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 96 00 00 03 d6 08 06 00 00 00 73 e6 cd 51 00 00 a8 88 49 44 41 54 78 01 ec d8 51 01 80 20 10 05 b0 b3 8c cd 0c 6b 0f 7a 1c 50 80 00 8f 7d ac c4 ea fb c7 0b 00 27 00 00 00 00 d5 fd 2c b5 89 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 e5 54 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 Data Ascii: PNGIHDRsQIDATxQ kzP}',e2bX@,X@, e2e2bX@,X@, Te2
2024-09-28 03:40:20 UTC	16384	IN	Data Raw: 73 1e 97 f9 0b 2e c6 46 de a7 7d e1 df 71 dd 47 58 06 00 00 00 90 45 f3 6c 8e b7 cc 14 96 97 37 3a 32 fe 1c 13 de 5b 9b f1 5d cb af ed 3c 91 f4 d7 eb 8b c4 85 11 96 73 b1 a3 6e 7f 4e a3 f2 2d 15 75 b2 cf d1 2f a5 bc c6 fe 50 ce 7f ae e9 bb 97 e7 d9 1c 39 8d cb f7 ef 69 10 7f 2c 2e c3 8f 31 e6 8e c4 5f e7 ba 8f b0 0c 00 00 00 20 8b 66 d5 da 6f 2e a6 3b 96 07 fd cf 83 af 66 14 96 ef fe 60 5d f2 e7 3b d7 bb e5 ad fa 1e 64 d9 9d bb 9b f3 12 96 c7 94 d5 9b f2 fb 7f e1 a4 43 ae dd d1 28 57 ef 68 c8 89 bb f6 b7 c9 cc 5a 57 de bf 2f 67 38 6e b2 3b c2 bd 79 fb f9 b6 a1 b5 47 6e ad a8 cb 59 5c d6 77 46 47 8c 84 0c 1d 63 2c 6c a8 5d 5c f7 11 96 01 00 00 00 64 d9 d2 06 c7 a1 62 b9 5b 79 d0 82 ea 76 f9 8f b1 8f a7 1d 96 2f 7a ec cd a4 bf d6 6d fb da e4 9a ca 56 64 d9 Data Ascii: s.F}qGXEl7:2[]<snN-u/P9i,.1_ fo.;f`];dC(WhZW/g8n;yGnY\wFGc,l]\db[yv/zmVd
2024-09-28 03:40:20 UTC	10818	IN	Data Raw: c7 51 19 9d e7 30 df d4 e6 73 f5 29 32 af 28 aa 4a 91 50 4b 58 e6 cb fb 7a 17 96 7f 33 f2 3d f5 b8 01 bb 6b f9 e1 57 66 eb ae fd bf b7 8e 96 bc 52 6b 5a 86 e5 6c 57 a3 30 46 58 8e 19 00 00 00 96 9a 1c e3 36 97 3a 9b 52 2d 5a 9d ac 6a 10 46 58 8e 07 10 96 67 5e b5 44 44 e3 93 55 ae 01 89 cc 05 75 ae 98 9e 4b fd 0e fd 7f 2d 20 2c 1b ef d5 79 6b 63 8e ca b6 aa 4a f9 a7 fb 5e ea d3 cf 19 f6 6a f4 bb 96 8f 66 5d 54 31 59 77 ed fd 2f cd 4a ab b0 ac ce 53 36 37 b7 09 63 84 65 00 00 00 f4 8a 3e 2a a7 16 93 bb 55 18 61 19 84 e5 81 b6 b9 d4 ae 8b bc 37 03 71 53 9b 53 17 86 63 a1 ae 55 8f 51 8f 95 60 87 98 9e 6b e4 e9 62 83 5e 3f 08 cb 03 eb 1f ef 7b 51 8e 65 5f ee 31 2a 9f 38 7f 45 f7 c5 7d 7d 71 3c fb 52 d4 f7 69 c4 b4 25 11 d7 1e c8 bc 92 16 61 79 29 e7 29 33 c2 Data Ascii: Q0s)2(JPKXz3=kWfRkZlW0FX6:R-ZjFXg^DDUuK- ,ykcJ^jf]T1Yw/JS67ce>Ua7qSScUQ`kb^?{Qe_18E}}q<Ri%ay))3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49727	50.6.153.168	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:22 UTC	623	OUT	GET /favicon.ico HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:22 UTC	227	IN	HTTP/1.1 302 Found Date: Sat, 28 Sep 2024 03:40:22 GMT Server: Apache Location: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Content-Length: 239 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-28 03:40:22 UTC	239	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 68 79 2e 73 72 6c 2e 6d 79 62 6c 75 65 68 6f 73 74 2e 6d 65 2f 63 67 69 2d 73 79 73 2f 73 75 73 70 65 6e 64 65 64 70 61 67 65 2e 63 67 69 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49730	18.216.86.236	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:22 UTC	388	OUT	GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:23 UTC	385	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:40:23 GMT Content-Type: image/png Content-Length: 43201 Connection: close Last-Modified: Tue, 30 Mar 2021 21:51:54 GMT ETag: "a8c1-5bec801b2a2c2" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:40:23 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:40:23 UTC	15999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 96 00 00 03 d6 08 06 00 00 00 73 e6 cd 51 00 00 a8 88 49 44 41 54 78 01 ec d8 51 01 80 20 10 05 b0 b3 8c cd 0c 6b 0f 7a 1c 50 80 00 8f 7d ac c4 ea fb c7 0b 00 27 00 00 00 00 d5 fd 2c b5 89 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 e5 54 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 Data Ascii: PNGIHDRsQIDATxQ kzP}',e2bX@,X@, e2e2bX@,X@, Te2
2024-09-28 03:40:23 UTC	16384	IN	Data Raw: 73 1e 97 f9 0b 2e c6 46 de a7 7d e1 df 71 dd 47 58 06 00 00 00 90 45 f3 6c 8e b7 cc 14 96 97 37 3a 32 fe 1c 13 de 5b 9b f1 5d cb af ed 3c 91 f4 d7 eb 8b c4 85 11 96 73 b1 a3 6e 7f 4e a3 f2 2d 15 75 b2 cf d1 2f a5 bc c6 fe 50 ce 7f ae e9 bb 97 e7 d9 1c 39 8d cb f7 ef 69 10 7f 2c 2e c3 8f 31 e6 8e c4 5f e7 ba 8f b0 0c 00 00 00 20 8b 66 d5 da 6f 2e a6 3b 96 07 fd cf 83 af 66 14 96 ef fe 60 5d f2 e7 3b d7 bb e5 ad fa 1e 64 d9 9d bb 9b f3 12 96 c7 94 d5 9b f2 fb 7f e1 a4 43 ae dd d1 28 57 ef 68 c8 89 bb f6 b7 c9 cc 5a 57 de bf 2f 67 38 6e b2 3b c2 bd 79 fb f9 b6 a1 b5 47 6e ad a8 cb 59 5c d6 77 46 47 8c 84 0c 1d 63 2c 6c a8 5d 5c f7 11 96 01 00 00 00 64 d9 d2 06 c7 a1 62 b9 5b 79 d0 82 ea 76 f9 8f b1 8f a7 1d 96 2f 7a ec cd a4 bf d6 6d fb da e4 9a ca 56 64 d9 Data Ascii: s.F}qGXEl7:2[]<snN-u/P9i,.1_ fo.;f`];dC(WhZW/g8n;yGnY\wFGc,l]\db[yv/zmVd
2024-09-28 03:40:23 UTC	10818	IN	Data Raw: c7 51 19 9d e7 30 df d4 e6 73 f5 29 32 af 28 aa 4a 91 50 4b 58 e6 cb fb 7a 17 96 7f 33 f2 3d f5 b8 01 bb 6b f9 e1 57 66 eb ae fd bf b7 8e 96 bc 52 6b 5a 86 e5 6c 57 a3 30 46 58 8e 19 00 00 00 96 9a 1c e3 36 97 3a 9b 52 2d 5a 9d ac 6a 10 46 58 8e 07 10 96 67 5e b5 44 44 e3 93 55 ae 01 89 cc 05 75 ae 98 9e 4b fd 0e fd 7f 2d 20 2c 1b ef d5 79 6b 63 8e ca b6 aa 4a f9 a7 fb 5e ea d3 cf 19 f6 6a f4 bb 96 8f 66 5d 54 31 59 77 ed fd 2f cd 4a ab b0 ac ce 53 36 37 b7 09 63 84 65 00 00 00 f4 8a 3e 2a a7 16 93 bb 55 18 61 19 84 e5 81 b6 b9 d4 ae 8b bc 37 03 71 53 9b 53 17 86 63 a1 ae 55 8f 51 8f 95 60 87 98 9e 6b e4 e9 62 83 5e 3f 08 cb 03 eb 1f ef 7b 51 8e 65 5f ee 31 2a 9f 38 7f 45 f7 c5 7d 7d 71 3c fb 52 d4 f7 69 c4 b4 25 11 d7 1e c8 bc 92 16 61 79 29 e7 29 33 c2 Data Ascii: Q0s)2(JPKXz3=kWfRkZlW0FX6:R-ZjFXg^DDUuK- ,ykcJ^jf]T1Yw/JS67ce>Ua7qSScUQ`kb^?{Qe_18E}}q<Ri%ay))3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:23 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:40:23 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=219879 Date: Sat, 28 Sep 2024 03:40:23 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49731	50.6.153.168	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:23 UTC	637	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:23 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:40:23 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:40:23 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:40:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49732	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:24 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:40:24 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=219908 Date: Sat, 28 Sep 2024 03:40:24 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 03:40:24 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49733	50.6.153.168	443	1468	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:24 UTC	370	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:40:24 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:40:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:40:24 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:40:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49734	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 44 55 31 4f 51 48 57 6d 55 61 46 68 4d 51 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 61 66 38 39 30 61 30 30 61 30 61 62 37 30 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: TDU1OQHWmUaFhMQ4.1Context: 6af890a00a0ab701
2024-09-28 03:40:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:26 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 44 55 31 4f 51 48 57 6d 55 61 46 68 4d 51 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 61 66 38 39 30 61 30 30 61 30 61 62 37 30 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TDU1OQHWmUaFhMQ4.2Context: 6af890a00a0ab701<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:26 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 44 55 31 4f 51 48 57 6d 55 61 46 68 4d 51 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 61 66 38 39 30 61 30 30 61 30 61 62 37 30 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: TDU1OQHWmUaFhMQ4.3Context: 6af890a00a0ab701<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:40:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 4c 74 41 53 79 4e 43 35 30 65 69 5a 59 68 69 65 57 32 38 76 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: zLtASyNC50eiZYhieW28vQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49735	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 56 70 6e 71 62 7a 2f 39 45 47 5a 71 43 2f 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 61 34 31 65 36 65 36 61 30 38 38 62 33 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: JVpnqbz/9EGZqC/K.1Context: 62a41e6e6a088b35
2024-09-28 03:40:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:28 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 56 70 6e 71 62 7a 2f 39 45 47 5a 71 43 2f 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 61 34 31 65 36 65 36 61 30 38 38 62 33 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: JVpnqbz/9EGZqC/K.2Context: 62a41e6e6a088b35<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:28 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4a 56 70 6e 71 62 7a 2f 39 45 47 5a 71 43 2f 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 61 34 31 65 36 65 36 61 30 38 38 62 33 35 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: JVpnqbz/9EGZqC/K.3Context: 62a41e6e6a088b35
2024-09-28 03:40:29 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:29 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 31 51 56 4c 75 68 75 58 55 65 4d 6c 55 4b 65 4d 65 75 71 50 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: D1QVLuhuXUeMlUKeMeuqPA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49740	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4d 4c 4a 61 32 75 36 4b 4e 45 61 74 30 52 77 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 32 31 64 37 39 62 65 65 38 63 34 34 36 32 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: MLJa2u6KNEat0RwP.1Context: 921d79bee8c44626
2024-09-28 03:40:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4d 4c 4a 61 32 75 36 4b 4e 45 61 74 30 52 77 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 32 31 64 37 39 62 65 65 38 63 34 34 36 32 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: MLJa2u6KNEat0RwP.2Context: 921d79bee8c44626<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4d 4c 4a 61 32 75 36 4b 4e 45 61 74 30 52 77 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 32 31 64 37 39 62 65 65 38 63 34 34 36 32 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: MLJa2u6KNEat0RwP.3Context: 921d79bee8c44626<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:40:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 41 49 31 75 66 50 53 64 4c 55 53 65 54 56 71 33 68 63 57 62 63 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: AI1ufPSdLUSeTVq3hcWbcQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49741	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:40:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 31 59 2f 63 4b 63 47 6c 30 75 4e 61 4b 35 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 34 62 37 30 32 61 32 65 39 38 64 65 34 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: l1Y/cKcGl0uNaK5D.1Context: b04b702a2e98de4d
2024-09-28 03:40:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:40:49 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 31 59 2f 63 4b 63 47 6c 30 75 4e 61 4b 35 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 34 62 37 30 32 61 32 65 39 38 64 65 34 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: l1Y/cKcGl0uNaK5D.2Context: b04b702a2e98de4d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:40:49 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6c 31 59 2f 63 4b 63 47 6c 30 75 4e 61 4b 35 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 34 62 37 30 32 61 32 65 39 38 64 65 34 64 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: l1Y/cKcGl0uNaK5D.3Context: b04b702a2e98de4d
2024-09-28 03:40:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:40:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 70 63 71 77 6b 4d 39 77 30 6d 72 73 34 76 2f 33 4a 58 7a 70 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8pcqwkM9w0mrs4v/3JXzpQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	51338	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:41:02 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 52 41 5a 39 51 4a 59 74 45 32 50 72 54 62 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 34 62 38 63 62 38 39 34 39 32 33 35 65 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9RAZ9QJYtE2PrTbQ.1Context: ae4b8cb8949235e5
2024-09-28 03:41:02 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:41:02 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 52 41 5a 39 51 4a 59 74 45 32 50 72 54 62 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 34 62 38 63 62 38 39 34 39 32 33 35 65 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9RAZ9QJYtE2PrTbQ.2Context: ae4b8cb8949235e5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:41:02 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 52 41 5a 39 51 4a 59 74 45 32 50 72 54 62 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 34 62 38 63 62 38 39 34 39 32 33 35 65 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9RAZ9QJYtE2PrTbQ.3Context: ae4b8cb8949235e5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:41:02 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:41:02 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 56 6e 78 65 47 74 43 49 58 6b 4b 45 34 7a 2f 73 52 5a 74 2f 2b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: VnxeGtCIXkKE4z/sRZt/+A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	51340	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:41:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 47 55 71 56 44 65 33 53 55 4f 38 37 30 4c 30 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 64 66 65 64 64 38 65 36 39 38 32 63 63 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: JGUqVDe3SUO870L0.1Context: a9dfedd8e6982ccf
2024-09-28 03:41:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:41:17 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 47 55 71 56 44 65 33 53 55 4f 38 37 30 4c 30 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 64 66 65 64 64 38 65 36 39 38 32 63 63 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: JGUqVDe3SUO870L0.2Context: a9dfedd8e6982ccf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:41:17 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4a 47 55 71 56 44 65 33 53 55 4f 38 37 30 4c 30 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 64 66 65 64 64 38 65 36 39 38 32 63 63 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: JGUqVDe3SUO870L0.3Context: a9dfedd8e6982ccf
2024-09-28 03:41:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:41:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 43 59 51 71 33 46 79 34 55 36 73 6f 76 47 66 6c 48 42 58 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uCYQq3Fy4U6sovGflHBXug.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	51343	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:41:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 63 5a 78 71 2b 30 45 62 6b 6d 39 77 6f 4e 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 65 37 66 36 33 37 30 65 30 30 38 33 62 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2cZxq+0Ebkm9woNL.1Context: 13e7f6370e0083b5
2024-09-28 03:41:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 03:41:26 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 63 5a 78 71 2b 30 45 62 6b 6d 39 77 6f 4e 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 65 37 66 36 33 37 30 65 30 30 38 33 62 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 55 56 38 47 57 55 47 78 42 57 41 76 70 4a 42 6c 32 6f 57 75 4f 36 77 42 45 50 6e 49 47 6b 50 49 44 6b 45 53 74 4c 4a 32 4b 5a 37 43 43 42 58 49 56 55 4c 64 62 59 5a 6f 79 55 57 31 5a 32 73 41 54 6e 54 51 52 39 44 4d 30 2b 42 70 73 55 4a 78 30 30 66 35 2b 62 54 52 57 66 36 36 7a 75 73 6f 4d 6d 66 66 43 73 51 6c 38 4d 54 75 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2cZxq+0Ebkm9woNL.2Context: 13e7f6370e0083b5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUV8GWUGxBWAvpJBl2oWuO6wBEPnIGkPIDkEStLJ2KZ7CCBXIVULdbYZoyUW1Z2sATnTQR9DM0+BpsUJx00f5+bTRWf66zusoMmffCsQl8MTuO
2024-09-28 03:41:26 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 32 63 5a 78 71 2b 30 45 62 6b 6d 39 77 6f 4e 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 65 37 66 36 33 37 30 65 30 30 38 33 62 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 2cZxq+0Ebkm9woNL.3Context: 13e7f6370e0083b5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 03:41:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 03:41:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 37 33 6a 66 75 59 53 6a 66 45 2b 49 6c 5a 46 36 50 32 6a 33 4f 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 73jfuYSjfE+IlZF6P2j3Og.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 524, Parent PID: 4600

General

Target ID:	0
Start time:	23:40:10
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1468, Parent PID: 524

General

Target ID:	2
Start time:	23:40:15
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1936,i,10146357521803993831,7334041318173328090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3544, Parent PID: 4600

General

Target ID:	3
Start time:	23:40:16
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://bhy.srl.mybluehost.me/SBB/index/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 524, Parent PID: 4600

General

Chronological Activities

Analysis Process: chrome.exePID: 1468, Parent PID: 524

General

Chronological Activities

Windows Analysis Report
https://bhy.srl.mybluehost.me/SBB/index/