Edit tour

Windows Analysis Report
https://bhy.srl.mybluehost.me/SBB/index

Overview

General Information

Sample URL:	https://bhy.srl.mybluehost.me/SBB/index
Analysis ID:	1521191
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2004,i,1665198897853646266,5550386564409354201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://bhy.srl.mybluehost.me/SBB/index

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:50698 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /SBB/index HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/suspended.css HTTP/1.1Host: bluehost-cdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://bhy.srl.mybluehost.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1Host: bluehost-cdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1Host: bluehost-cdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgiAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgiAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1Host: bhy.srl.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: bhy.srl.mybluehost.me
Source: global traffic	DNS traffic detected: DNS query: bluehost-cdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_132.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50702
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49723 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@21/18@10/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2004,i,1665198897853646266,5550386564409354201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2004,i,1665198897853646266,5550386564409354201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bhy.srl.mybluehost.me/SBB/index	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bhy.srl.mybluehost.me	50.6.153.168	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
bluehost-cdn.com	34.233.140.183	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://bhy.srl.mybluehost.me/SBB/index	true	unknown
https://bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css	false	unknown
https://bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png	false	unknown
https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi	false	unknown
https://bhy.srl.mybluehost.me/favicon.ico	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.233.140.183	bluehost-cdn.com	United States	14618	AMAZON-AESUS	false
50.6.153.168	bhy.srl.mybluehost.me	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.216.86.236	unknown	United States	16509	AMAZON-02US	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521191
Start date and time:	2024-09-28 05:44:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bhy.srl.mybluehost.me/SBB/index
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@21/18@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 216.58.206.46, 142.250.110.84, 34.104.35.123, 216.58.212.163, 172.217.23.106, 4.175.87.197, 199.232.210.172, 192.229.221.95, 20.3.187.198, 40.69.42.241, 142.250.186.35
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://bhy.srl.mybluehost.me/SBB/index

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Model: jbxai	{ "brand":["Bluehost"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Model: jbxai

{
"brand":["Bluehost"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9809426017890566
Encrypted:	false
SSDEEP:	48:85xdPTn3AHnidAKZdA19ehwiZUklqeh2y+3:8BTcBy
MD5:	632A1B9A7A1B1D96B82729DB686EB6B4
SHA1:	A9328433CCB9FBB6F9084C12939B96F371533B5D
SHA-256:	8531DAF7D04FC08A41CE2A4689E60441C3A4111585D10D60B0CD8AD396686B83
SHA-512:	A763FEA46700F7629B97BC58343318913949D34A04B5676B0AC0D32B5223FB3FBC6633877B4E8FDC83A2B4FDA2A53C11E7FF6D43D98CD628EE28C274C703DDB2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......X...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995769672413755
Encrypted:	false
SSDEEP:	48:8QxdPTn3AHnidAKZdA1weh/iZUkAQkqehxy+2:8ETu9QEy
MD5:	375CFE9F527F1B95631642629857CA44
SHA1:	F4A23145764579A38AD1F11111AC8C32E1FDCF24
SHA-256:	3A23255195D3A228CC0CBC01701DD957CE5F09261E5EA0D5A4D437CE9DBC4455
SHA-512:	5E3133F3B01CD1783A82A19597F467599244E42705C3B8F6D3E6D817974E3590AEB8EDF8C7BFCA8A75838D0E4BC1AE97B7C8C8879BEAA505B34214E6C142FA48
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........X...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006793031660721
Encrypted:	false
SSDEEP:	48:8x4dPTn3sHnidAKZdA14tseh7sFiZUkmgqeh7sny+BX:8xsTCndy
MD5:	CCEF70E6718266D4FA2DD658D0D001EB
SHA1:	D8073F6C3E013442CC70452E9B3C77FD34A91D0F
SHA-256:	4D833B8E255BD8F4E154A4DCACB0709EC3AF16D4F70709E75C8A32AAFB8A5B1B
SHA-512:	C6CC86D2D57B4E7FD85BDF2B63F6249D8141DAA5704EA696DBED28933BDBB7C666CD6CFAB70D51EFBE1D8A0746196CFC547E5EA200D970790A463C74CADA5B45
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9951697546850387
Encrypted:	false
SSDEEP:	48:8cxdPTn3AHnidAKZdA1vehDiZUkwqehFy+R:8wT1vy
MD5:	7BFE5DE4ADCC39012A520954CDA266DF
SHA1:	7DF2A8C394B258E80AB046B9FA7326A20FF25DB9
SHA-256:	34E145817B35673D2339FF0F4963B4DCD8325C5F950399B78E220F07504A42E3
SHA-512:	309CAEB762441A92DB1857F2A861DF7E8B8D49979ABE5CD61C55EC4993C11C73742AE02114F8A1F549D65E74C4FF67E609445E5C5251DC5C3B1ACC3F42DC178C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....L\|.X...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9842024982062068
Encrypted:	false
SSDEEP:	48:8/xdPTn3AHnidAKZdA1hehBiZUk1W1qehTy+C:8bTl9zy
MD5:	677BFD80C112A357A5E72682B573F90C
SHA1:	EC96766DED5780FB8F5D8F3D0EC00E7BE85CBE23
SHA-256:	0CD5775CCE81D4846AA4B6D5149EB7C1C101FC457ED22021F4CECF3BDE366F53
SHA-512:	5028C15A90B03B3175643D418E65275C7DF17ECE88CCC7AC38DC64C48F8F8DB1508137710B1C4FEE67EB1ADE6E6C2A214AB3419485C3B60FFE786551504FDF28
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....^...X...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 02:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.989948785599014
Encrypted:	false
SSDEEP:	48:824xdPTn3AHnidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdy+yT+:82sT5T/TbxWOvTbdy7T
MD5:	BCC7DC5B684C2094D5FF7599BA08DAE0
SHA1:	4488B51EB2B87ED11DE1C441B8ED51697FBF51C5
SHA-256:	14012F31188C9C3F6663042481EF15645617193BC4BAB012083F9B176247B9C6
SHA-512:	6ECB6D4FF1E1779E85BB5AC8F2A360B2D133C48FFC817D14AC620562579C3576B049C16EA93B966A822779CDF98F536385A66D14B812E8198401A0A6E68F9A3F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`io.X...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%\B.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	946
Entropy (8bit):	4.810938905259325
Encrypted:	false
SSDEEP:	12:hYUy7G2CnddWNWprzaSbZBEdYXg2y/iEftCxRxwHEV7FzVKiw/7WoQL:hYUCZC3WNIbZyOXXyKEMRxUg8dQ
MD5:	624B88AEE8E0DE419722288D2978F917
SHA1:	5E2AB4F6E167B86F3C824080381E5656EED0C2FE
SHA-256:	B4537CCF6B54E753C4D82946E5733C45C28AED807744495935C7357F53A702A9
SHA-512:	E6F62FB6D96118B275D0B0867E5F6C04601E1047AF1F0814E3235339BB30D15433D7624F52B08E76933958CE17AB61C75D683BF77D177B3FE002B56898AF6E30
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css">. <link rel="preconnect" href="//fonts.gstatic.com">. <link href="//fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap" rel="stylesheet">. </head>. <body>. <div>. <img class="suspend-photo" src="//bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png" alt="Account suspended photo">. <h2 class="suspend-text">Account Suspended!</h2>. <p class="contact-support">Please contact our support team for further assistance.</p>. <p class="questions">*If you.re the owner of this website and have questions, reach out to Bluehost. We.re happy to help.</p>. </div>. </body>.</html>.

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1430 x 982, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	43201
Entropy (8bit):	7.659124990561904
Encrypted:	false
SSDEEP:	768:LugxQTPvEE/wt7V88rsJDyE+w04UgOHX0voOdejIU0MKADQzR+Ra:LSDcewB5r8DyEs4XO30voOeZDU84
MD5:	495826852EE860B53716AEEDFCAD9F75
SHA1:	6FF9EEF566AA5BFE11749B37E16C1F24941633CC
SHA-256:	A9119A330A2C1F636051FC96E31AF730D7BD096D358D7AD1681AC3770630F4A8
SHA-512:	8A6DEE67E925081690D085DC789E7142F33F8C131323A3C067F46C0E2C913EF6651AC64EE61067C6E678FCBAF0FFA91F4BC6CE814F3050647D2736E63609A326
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............s..Q....IDATx...Q.. .......k.z.P...}.......'......,..e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ...............T......e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... .............$........e......2.....b.............b.............X.....@,..... ............. ..............e......2.....b.............b.............X.....@,..... .S..... ..............e......2.....b.......2.....b.............X.....@,..... ......@,..... ..............e......2.....b.......2.....b.............X.....@,......@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............XN......X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.......

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	946
Entropy (8bit):	4.810938905259325
Encrypted:	false
SSDEEP:	12:hYUy7G2CnddWNWprzaSbZBEdYXg2y/iEftCxRxwHEV7FzVKiw/7WoQL:hYUCZC3WNIbZyOXXyKEMRxUg8dQ
MD5:	624B88AEE8E0DE419722288D2978F917
SHA1:	5E2AB4F6E167B86F3C824080381E5656EED0C2FE
SHA-256:	B4537CCF6B54E753C4D82946E5733C45C28AED807744495935C7357F53A702A9
SHA-512:	E6F62FB6D96118B275D0B0867E5F6C04601E1047AF1F0814E3235339BB30D15433D7624F52B08E76933958CE17AB61C75D683BF77D177B3FE002B56898AF6E30
Malicious:	false
Reputation:	low
URL:	https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css">. <link rel="preconnect" href="//fonts.gstatic.com">. <link href="//fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap" rel="stylesheet">. </head>. <body>. <div>. <img class="suspend-photo" src="//bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png" alt="Account suspended photo">. <h2 class="suspend-text">Account Suspended!</h2>. <p class="contact-support">Please contact our support team for further assistance.</p>. <p class="questions">*If you.re the owner of this website and have questions, reach out to Bluehost. We.re happy to help.</p>. </div>. </body>.</html>.

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1430 x 982, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	43201
Entropy (8bit):	7.659124990561904
Encrypted:	false
SSDEEP:	768:LugxQTPvEE/wt7V88rsJDyE+w04UgOHX0voOdejIU0MKADQzR+Ra:LSDcewB5r8DyEs4XO30voOeZDU84
MD5:	495826852EE860B53716AEEDFCAD9F75
SHA1:	6FF9EEF566AA5BFE11749B37E16C1F24941633CC
SHA-256:	A9119A330A2C1F636051FC96E31AF730D7BD096D358D7AD1681AC3770630F4A8
SHA-512:	8A6DEE67E925081690D085DC789E7142F33F8C131323A3C067F46C0E2C913EF6651AC64EE61067C6E678FCBAF0FFA91F4BC6CE814F3050647D2736E63609A326
Malicious:	false
Reputation:	low
URL:	https://bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png
Preview:	.PNG........IHDR.............s..Q....IDATx...Q.. .......k.z.P...}.......'......,..e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ...............T......e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... .............$........e......2.....b.............b.............X.....@,..... ............. ..............e......2.....b.............b.............X.....@,..... .S..... ..............e......2.....b.......2.....b.............X.....@,..... ......@,..... ..............e......2.....b.......2.....b.............X.....@,......@,..... ..............e......2......e......2.....b.............X.....@,......X.....@,..... ..............e......2......e......2.....b.............XN......X.....@,..... ..............e.............e......2.....b.............X.............X.....@,..... ..............e.............e......2.....b.......

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	11634
Entropy (8bit):	5.3577118756441005
Encrypted:	false
SSDEEP:	192:f/Pz+qSc6uy9rbqGIwYGV1pi/KWbqXV6uyErbqGIwYjc1Yf:nb8q9DaHq9N
MD5:	D404D8BE119B0C778116319D1B9FE734
SHA1:	C62A27A948F601BF3781EBEBD5049FF6AB89593D
SHA-256:	8BD8A746EFD5972536245F2F2C6E4213360405BE048112EE66E3A2612EDB43BF
SHA-512:	5C7BD037730E92BAE8ABE6DA9C327AF4612C9DEFFBEE64C373CB71F458BB9B9D302FB515A8523A3BA82EAE5BA5385B453CF641CA172FF6B5F4473EC38AC25C9C
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	955
Entropy (8bit):	4.875299756989579
Encrypted:	false
SSDEEP:	24:SF68pSAzxYRGvyOSejw0GvOcw0O8BDcZA:SFPSU6GvyOS8GvnOwDQA
MD5:	6AC12DE9CA46F24A05A01C7BA24C40DC
SHA1:	27F9E7A53436525AFF12B1A1E4FB6486DCDE8A08
SHA-256:	33FB84F9CC077193B201B1BBFFC3F98AF428A915202E911ACF56BC822834B4D4
SHA-512:	F94034D5A53D2DE17ED903A761CBCF39F133D43F0A7690351FA917709B29B7E5190FA06F58974A7491C65D71C717C9CC958C5AB1DBD1EB32F92401CAC01F4EC3
Malicious:	false
Reputation:	low
URL:	https://bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css
Preview:	.suspend-photo {. background: transparent url('bh-beback-soon.png') no-repeat;. background: center;. width: 100%;. height: 100%;. opacity: 1;.}..suspend-text {. position: absolute;. font-size: 36px;. top: 370px;. margin-left: 10px;. color: #5C5C5C;. opacity: 1;. font-weight: 200;. font-family: 'Open Sans', sans-serif;.}..contact-support {. position: absolute;. font-size: 16px;. text-align: center;. top: 450px;. margin-left: 10px;. color: #5B5B5B;. font-family: 'Open Sans', sans-serif;.}..questions {. text-align: center;. color: #5B5B5B;. font-family: 'Open Sans', sans-serif;. font-size: 15px;.}.@media (max-width: 600px) {. .suspend-text {. font-size: 1.0em;. top: 60px;. }. .contact-support {. font-size: 14px;. top: 85px;. }.}.@media (min-width: 768px) and (max-width: 1024px) {. .suspend-text {. font-size: 1.25em;. top: 200px;. }. .contact-support {. font-size: 15px;. top: 245px;. }.}.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:45:12.761696100 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:12.761703014 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:12.871062040 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:20.462125063 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462169886 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.462234020 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462410927 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462421894 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.462472916 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462629080 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462645054 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.462768078 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.462780952 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.974025965 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.974365950 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.974396944 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.975347996 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.975424051 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.976466894 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.976536989 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:20.976758957 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:20.976768017 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.030431986 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.051424980 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.051739931 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.051750898 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.053209066 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.053282022 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.053584099 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.053662062 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.093628883 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.093636036 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.107146978 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.107213020 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.107264996 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.107559919 CEST	49710	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.107572079 CEST	443	49710	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.109483004 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.151432991 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.246299028 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.246532917 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.246586084 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.285700083 CEST	49709	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:21.285742044 CEST	443	49709	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:21.342197895 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342230082 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.342283010 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342365980 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342371941 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.342416048 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342601061 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342613935 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.342751026 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.342761040 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.908776045 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.909288883 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.909306049 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.910187960 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.910362959 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.912817955 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.912899017 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.913558960 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.913566113 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.915616035 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.916004896 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.916013002 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.917052984 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.917114019 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.919047117 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.919114113 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.919833899 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.919841051 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:21.963283062 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:21.963283062 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.193097115 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.193197966 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.193294048 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.366683006 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:22.366682053 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:22.392995119 CEST	49713	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.393029928 CEST	443	49713	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.393917084 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.393981934 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.394005060 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.394043922 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.394058943 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.394072056 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.394083977 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.394093990 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.394114017 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.394123077 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.395078897 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.395124912 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.395181894 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.395190001 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.395232916 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.395232916 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.396009922 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.396090031 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.396130085 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.396137953 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.396187067 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.396241903 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.396348000 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.403043032 CEST	49714	443	192.168.2.5	34.233.140.183
Sep 28, 2024 05:45:22.403050900 CEST	443	49714	34.233.140.183	192.168.2.5
Sep 28, 2024 05:45:22.477070093 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:22.507087946 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:22.507127047 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:22.507237911 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:22.507482052 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:22.507498026 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:22.607352018 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:22.607378006 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:22.607470989 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:22.607728004 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:22.607742071 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.125341892 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.129964113 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.129976988 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.130898952 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.130959034 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.150985956 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.151062965 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.178518057 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.178529024 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.222486973 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.239068031 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.239592075 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:23.239609003 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.240447998 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.240506887 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:23.244179010 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:23.244232893 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.288207054 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:23.288223028 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:23.328025103 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:23.615367889 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:23.615420103 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:23.615478992 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:23.616410971 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:23.616421938 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:23.732502937 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732564926 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732587099 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732623100 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732645035 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732645988 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.732666016 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732695103 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.732697964 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.732718945 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.732741117 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.733864069 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.733906031 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.733962059 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.733977079 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.733990908 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.734019041 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.734877110 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.734922886 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.734949112 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.734957933 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.735075951 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:23.735129118 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.758948088 CEST	49718	443	192.168.2.5	18.216.86.236
Sep 28, 2024 05:45:23.758974075 CEST	443	49718	18.216.86.236	192.168.2.5
Sep 28, 2024 05:45:24.197290897 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.197607040 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:24.197623968 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.198002100 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.198496103 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:24.198561907 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.198724985 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:24.199393988 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:24.199426889 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:24.199521065 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:24.201859951 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:24.201886892 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:24.204128027 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 28, 2024 05:45:24.204236984 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 28, 2024 05:45:24.243397951 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.330240011 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.330302000 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.330355883 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:24.331099987 CEST	49720	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:24.331115007 CEST	443	49720	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:24.862631083 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:24.862900019 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:24.994870901 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:24.994909048 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:24.995922089 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.030433893 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.030468941 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.030546904 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.031189919 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.031207085 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.036668062 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.483277082 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.519372940 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.521287918 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.521301985 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.521644115 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.523396015 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.524974108 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.525029898 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.525479078 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.567399025 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.669526100 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.669620037 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.669672012 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.671947956 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.672121048 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.672169924 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.705069065 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.705100060 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.705125093 CEST	49721	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.705132008 CEST	443	49721	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.732850075 CEST	49722	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:25.732876062 CEST	443	49722	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:25.813985109 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.814038038 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:25.814121008 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.814954996 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:25.814969063 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.344738007 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.344805002 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.344873905 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.345463991 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.345479965 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.452702045 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.452847004 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.508028984 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.508061886 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.508311987 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.510869026 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.551408052 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.729074001 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.729150057 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.732816935 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.809838057 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.809838057 CEST	49723	443	192.168.2.5	184.28.90.27
Sep 28, 2024 05:45:26.809869051 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.809878111 CEST	443	49723	184.28.90.27	192.168.2.5
Sep 28, 2024 05:45:26.834439993 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.837011099 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.837033987 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.838490963 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.838788986 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.860039949 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.860039949 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.860352039 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.910370111 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:26.910399914 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:26.958435059 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:27.000397921 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:27.000540018 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:27.000709057 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:27.002720118 CEST	49724	443	192.168.2.5	50.6.153.168
Sep 28, 2024 05:45:27.002741098 CEST	443	49724	50.6.153.168	192.168.2.5
Sep 28, 2024 05:45:33.148631096 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:33.148778915 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:45:33.148854017 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:33.429809093 CEST	49719	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:45:33.429836035 CEST	443	49719	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:00.122437954 CEST	50698	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:46:00.127268076 CEST	53	50698	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:00.127346992 CEST	50698	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:46:00.127382040 CEST	50698	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:46:00.132158995 CEST	53	50698	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:00.590706110 CEST	53	50698	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:00.591284037 CEST	50698	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:46:00.596621037 CEST	53	50698	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:00.596688986 CEST	50698	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:46:22.662617922 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:22.662663937 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:22.662735939 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:22.663054943 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:22.663067102 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:23.294090033 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:23.294657946 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:23.294672966 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:23.295119047 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:23.298480034 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:23.298557997 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:23.350491047 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:33.240775108 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:33.240947008 CEST	443	50702	142.250.186.164	192.168.2.5
Sep 28, 2024 05:46:33.240998030 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:33.432357073 CEST	50702	443	192.168.2.5	142.250.186.164
Sep 28, 2024 05:46:33.432400942 CEST	443	50702	142.250.186.164	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:45:18.946918964 CEST	53	52366	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:18.972153902 CEST	53	49547	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:19.983294964 CEST	53	56353	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:20.449420929 CEST	52848	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:20.449626923 CEST	49864	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:20.459341049 CEST	53	52848	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:20.461477995 CEST	53	49864	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:21.305804014 CEST	53753	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:21.305936098 CEST	61200	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:21.313143969 CEST	53	52839	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:21.318583012 CEST	53	61200	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:21.341825008 CEST	53	53753	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:22.483261108 CEST	63412	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:22.483475924 CEST	56068	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:22.492505074 CEST	53	63412	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:22.598939896 CEST	54051	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:22.599143028 CEST	60810	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:22.605704069 CEST	53	60810	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:22.605739117 CEST	53	54051	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:22.649854898 CEST	53	56068	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:26.303606033 CEST	60477	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:26.304235935 CEST	60041	53	192.168.2.5	1.1.1.1
Sep 28, 2024 05:45:26.314794064 CEST	53	60477	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:26.315301895 CEST	53	60041	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:37.153984070 CEST	53	62856	1.1.1.1	192.168.2.5
Sep 28, 2024 05:45:56.074680090 CEST	53	49918	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:00.121594906 CEST	53	64892	1.1.1.1	192.168.2.5
Sep 28, 2024 05:46:18.525007963 CEST	53	51215	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 05:45:22.649956942 CEST	192.168.2.5	1.1.1.1	c221	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 05:45:20.449420929 CEST	192.168.2.5	1.1.1.1	0xd0cb	Standard query (0)	bhy.srl.mybluehost.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:20.449626923 CEST	192.168.2.5	1.1.1.1	0xf220	Standard query (0)	bhy.srl.mybluehost.me	65	IN (0x0001)	false
Sep 28, 2024 05:45:21.305804014 CEST	192.168.2.5	1.1.1.1	0x7450	Standard query (0)	bluehost-cdn.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:21.305936098 CEST	192.168.2.5	1.1.1.1	0x303a	Standard query (0)	bluehost-cdn.com	65	IN (0x0001)	false
Sep 28, 2024 05:45:22.483261108 CEST	192.168.2.5	1.1.1.1	0xa444	Standard query (0)	bluehost-cdn.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.483475924 CEST	192.168.2.5	1.1.1.1	0xab10	Standard query (0)	bluehost-cdn.com	65	IN (0x0001)	false
Sep 28, 2024 05:45:22.598939896 CEST	192.168.2.5	1.1.1.1	0x6896	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.599143028 CEST	192.168.2.5	1.1.1.1	0x976c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 05:45:26.303606033 CEST	192.168.2.5	1.1.1.1	0x4e7e	Standard query (0)	bhy.srl.mybluehost.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:26.304235935 CEST	192.168.2.5	1.1.1.1	0xd235	Standard query (0)	bhy.srl.mybluehost.me	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 05:45:20.459341049 CEST	1.1.1.1	192.168.2.5	0xd0cb	No error (0)	bhy.srl.mybluehost.me		50.6.153.168	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:21.341825008 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	bluehost-cdn.com		34.233.140.183	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:21.341825008 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	bluehost-cdn.com		52.52.57.238	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:21.341825008 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	bluehost-cdn.com		52.29.153.112	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:21.341825008 CEST	1.1.1.1	192.168.2.5	0x7450	No error (0)	bluehost-cdn.com		18.216.86.236	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.492505074 CEST	1.1.1.1	192.168.2.5	0xa444	No error (0)	bluehost-cdn.com		18.216.86.236	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.492505074 CEST	1.1.1.1	192.168.2.5	0xa444	No error (0)	bluehost-cdn.com		52.29.153.112	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.492505074 CEST	1.1.1.1	192.168.2.5	0xa444	No error (0)	bluehost-cdn.com		34.233.140.183	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.492505074 CEST	1.1.1.1	192.168.2.5	0xa444	No error (0)	bluehost-cdn.com		52.52.57.238	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:22.605704069 CEST	1.1.1.1	192.168.2.5	0x976c	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 05:45:22.605739117 CEST	1.1.1.1	192.168.2.5	0x6896	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:26.314794064 CEST	1.1.1.1	192.168.2.5	0x4e7e	No error (0)	bhy.srl.mybluehost.me		50.6.153.168	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:33.501128912 CEST	1.1.1.1	192.168.2.5	0x9934	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:33.501128912 CEST	1.1.1.1	192.168.2.5	0x9934	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:33.974216938 CEST	1.1.1.1	192.168.2.5	0x54e9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:45:33.974216938 CEST	1.1.1.1	192.168.2.5	0x54e9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:47.340548992 CEST	1.1.1.1	192.168.2.5	0xe80f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:45:47.340548992 CEST	1.1.1.1	192.168.2.5	0xe80f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:46:43.684408903 CEST	1.1.1.1	192.168.2.5	0x8910	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:46:43.684408903 CEST	1.1.1.1	192.168.2.5	0x8910	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bhy.srl.mybluehost.me

https:

bluehost-cdn.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	50.6.153.168	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:20 UTC	673	OUT	GET /SBB/index HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:21 UTC	227	IN	HTTP/1.1 302 Found Date: Sat, 28 Sep 2024 03:45:21 GMT Server: Apache Location: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Content-Length: 239 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-28 03:45:21 UTC	239	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 68 79 2e 73 72 6c 2e 6d 79 62 6c 75 65 68 6f 73 74 2e 6d 65 2f 63 67 69 2d 73 79 73 2f 73 75 73 70 65 6e 64 65 64 70 61 67 65 2e 63 67 69 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	50.6.153.168	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:21 UTC	689	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:21 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:45:21 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:45:21 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:45:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	34.233.140.183	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:21 UTC	581	OUT	GET /media/user/suspended_account/_bh/suspended.css HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://bhy.srl.mybluehost.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:22 UTC	404	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:45:22 GMT Content-Type: text/css Content-Length: 955 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 09 Jul 2024 15:33:34 GMT ETag: "3bb-61cd240b75b55" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:45:22 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:45:22 UTC	955	IN	Data Raw: 2e 73 75 73 70 65 6e 64 2d 70 68 6f 74 6f 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 20 75 72 6c 28 27 62 68 2d 62 65 62 61 63 6b 2d 73 6f 6f 6e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 63 65 6e 74 65 72 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 7d 0a 2e 73 75 73 70 65 6e 64 2d 74 65 78 74 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 36 70 78 3b 0a 20 20 74 6f 70 3a 20 33 37 30 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 35 43 35 43 Data Ascii: .suspend-photo { background: transparent url('bh-beback-soon.png') no-repeat; background: center; width: 100%; height: 100%; opacity: 1;}.suspend-text { position: absolute; font-size: 36px; top: 370px; margin-left: 10px; color: #5C5C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	34.233.140.183	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:21 UTC	629	OUT	GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:22 UTC	385	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:45:22 GMT Content-Type: image/png Content-Length: 43201 Connection: close Last-Modified: Tue, 30 Mar 2021 21:51:54 GMT ETag: "a8c1-5bec801b19bc5" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:45:22 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:45:22 UTC	15999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 96 00 00 03 d6 08 06 00 00 00 73 e6 cd 51 00 00 a8 88 49 44 41 54 78 01 ec d8 51 01 80 20 10 05 b0 b3 8c cd 0c 6b 0f 7a 1c 50 80 00 8f 7d ac c4 ea fb c7 0b 00 27 00 00 00 00 d5 fd 2c b5 89 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 e5 54 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 Data Ascii: PNGIHDRsQIDATxQ kzP}',e2bX@,X@, e2e2bX@,X@, Te2
2024-09-28 03:45:22 UTC	16384	IN	Data Raw: 73 1e 97 f9 0b 2e c6 46 de a7 7d e1 df 71 dd 47 58 06 00 00 00 90 45 f3 6c 8e b7 cc 14 96 97 37 3a 32 fe 1c 13 de 5b 9b f1 5d cb af ed 3c 91 f4 d7 eb 8b c4 85 11 96 73 b1 a3 6e 7f 4e a3 f2 2d 15 75 b2 cf d1 2f a5 bc c6 fe 50 ce 7f ae e9 bb 97 e7 d9 1c 39 8d cb f7 ef 69 10 7f 2c 2e c3 8f 31 e6 8e c4 5f e7 ba 8f b0 0c 00 00 00 20 8b 66 d5 da 6f 2e a6 3b 96 07 fd cf 83 af 66 14 96 ef fe 60 5d f2 e7 3b d7 bb e5 ad fa 1e 64 d9 9d bb 9b f3 12 96 c7 94 d5 9b f2 fb 7f e1 a4 43 ae dd d1 28 57 ef 68 c8 89 bb f6 b7 c9 cc 5a 57 de bf 2f 67 38 6e b2 3b c2 bd 79 fb f9 b6 a1 b5 47 6e ad a8 cb 59 5c d6 77 46 47 8c 84 0c 1d 63 2c 6c a8 5d 5c f7 11 96 01 00 00 00 64 d9 d2 06 c7 a1 62 b9 5b 79 d0 82 ea 76 f9 8f b1 8f a7 1d 96 2f 7a ec cd a4 bf d6 6d fb da e4 9a ca 56 64 d9 Data Ascii: s.F}qGXEl7:2[]<snN-u/P9i,.1_ fo.;f`];dC(WhZW/g8n;yGnY\wFGc,l]\db[yv/zmVd
2024-09-28 03:45:22 UTC	10818	IN	Data Raw: c7 51 19 9d e7 30 df d4 e6 73 f5 29 32 af 28 aa 4a 91 50 4b 58 e6 cb fb 7a 17 96 7f 33 f2 3d f5 b8 01 bb 6b f9 e1 57 66 eb ae fd bf b7 8e 96 bc 52 6b 5a 86 e5 6c 57 a3 30 46 58 8e 19 00 00 00 96 9a 1c e3 36 97 3a 9b 52 2d 5a 9d ac 6a 10 46 58 8e 07 10 96 67 5e b5 44 44 e3 93 55 ae 01 89 cc 05 75 ae 98 9e 4b fd 0e fd 7f 2d 20 2c 1b ef d5 79 6b 63 8e ca b6 aa 4a f9 a7 fb 5e ea d3 cf 19 f6 6a f4 bb 96 8f 66 5d 54 31 59 77 ed fd 2f cd 4a ab b0 ac ce 53 36 37 b7 09 63 84 65 00 00 00 f4 8a 3e 2a a7 16 93 bb 55 18 61 19 84 e5 81 b6 b9 d4 ae 8b bc 37 03 71 53 9b 53 17 86 63 a1 ae 55 8f 51 8f 95 60 87 98 9e 6b e4 e9 62 83 5e 3f 08 cb 03 eb 1f ef 7b 51 8e 65 5f ee 31 2a 9f 38 7f 45 f7 c5 7d 7d 71 3c fb 52 d4 f7 69 c4 b4 25 11 d7 1e c8 bc 92 16 61 79 29 e7 29 33 c2 Data Ascii: Q0s)2(JPKXz3=kWfRkZlW0FX6:R-ZjFXg^DDUuK- ,ykcJ^jf]T1Yw/JS67ce>Ua7qSScUQ`kb^?{Qe_18E}}q<Ri%ay))3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49718	18.216.86.236	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:23 UTC	388	OUT	GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1 Host: bluehost-cdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:23 UTC	385	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 28 Sep 2024 03:45:23 GMT Content-Type: image/png Content-Length: 43201 Connection: close Last-Modified: Tue, 30 Mar 2021 21:51:54 GMT ETag: "a8c1-5bec801b2f9be" Vary: Accept-Encoding Access-Control-Allow-Origin: * Expires: Sat, 05 Oct 2024 03:45:23 GMT Cache-Control: max-age=604800 X-Proxy-Cache: MISS Accept-Ranges: bytes
2024-09-28 03:45:23 UTC	15999	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 96 00 00 03 d6 08 06 00 00 00 73 e6 cd 51 00 00 a8 88 49 44 41 54 78 01 ec d8 51 01 80 20 10 05 b0 b3 8c cd 0c 6b 0f 7a 1c 50 80 00 8f 7d ac c4 ea fb c7 0b 00 27 00 00 00 00 d5 fd 2c b5 89 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 62 19 00 00 00 00 00 b1 0c 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 80 58 06 00 00 00 00 40 2c 03 00 00 00 00 20 96 01 00 00 00 00 10 cb 00 00 00 00 00 88 e5 54 00 00 00 00 00 88 65 00 00 00 00 00 c4 32 00 00 00 00 00 Data Ascii: PNGIHDRsQIDATxQ kzP}',e2bX@,X@, e2e2bX@,X@, Te2
2024-09-28 03:45:23 UTC	16384	IN	Data Raw: 73 1e 97 f9 0b 2e c6 46 de a7 7d e1 df 71 dd 47 58 06 00 00 00 90 45 f3 6c 8e b7 cc 14 96 97 37 3a 32 fe 1c 13 de 5b 9b f1 5d cb af ed 3c 91 f4 d7 eb 8b c4 85 11 96 73 b1 a3 6e 7f 4e a3 f2 2d 15 75 b2 cf d1 2f a5 bc c6 fe 50 ce 7f ae e9 bb 97 e7 d9 1c 39 8d cb f7 ef 69 10 7f 2c 2e c3 8f 31 e6 8e c4 5f e7 ba 8f b0 0c 00 00 00 20 8b 66 d5 da 6f 2e a6 3b 96 07 fd cf 83 af 66 14 96 ef fe 60 5d f2 e7 3b d7 bb e5 ad fa 1e 64 d9 9d bb 9b f3 12 96 c7 94 d5 9b f2 fb 7f e1 a4 43 ae dd d1 28 57 ef 68 c8 89 bb f6 b7 c9 cc 5a 57 de bf 2f 67 38 6e b2 3b c2 bd 79 fb f9 b6 a1 b5 47 6e ad a8 cb 59 5c d6 77 46 47 8c 84 0c 1d 63 2c 6c a8 5d 5c f7 11 96 01 00 00 00 64 d9 d2 06 c7 a1 62 b9 5b 79 d0 82 ea 76 f9 8f b1 8f a7 1d 96 2f 7a ec cd a4 bf d6 6d fb da e4 9a ca 56 64 d9 Data Ascii: s.F}qGXEl7:2[]<snN-u/P9i,.1_ fo.;f`];dC(WhZW/g8n;yGnY\wFGc,l]\db[yv/zmVd
2024-09-28 03:45:23 UTC	10818	IN	Data Raw: c7 51 19 9d e7 30 df d4 e6 73 f5 29 32 af 28 aa 4a 91 50 4b 58 e6 cb fb 7a 17 96 7f 33 f2 3d f5 b8 01 bb 6b f9 e1 57 66 eb ae fd bf b7 8e 96 bc 52 6b 5a 86 e5 6c 57 a3 30 46 58 8e 19 00 00 00 96 9a 1c e3 36 97 3a 9b 52 2d 5a 9d ac 6a 10 46 58 8e 07 10 96 67 5e b5 44 44 e3 93 55 ae 01 89 cc 05 75 ae 98 9e 4b fd 0e fd 7f 2d 20 2c 1b ef d5 79 6b 63 8e ca b6 aa 4a f9 a7 fb 5e ea d3 cf 19 f6 6a f4 bb 96 8f 66 5d 54 31 59 77 ed fd 2f cd 4a ab b0 ac ce 53 36 37 b7 09 63 84 65 00 00 00 f4 8a 3e 2a a7 16 93 bb 55 18 61 19 84 e5 81 b6 b9 d4 ae 8b bc 37 03 71 53 9b 53 17 86 63 a1 ae 55 8f 51 8f 95 60 87 98 9e 6b e4 e9 62 83 5e 3f 08 cb 03 eb 1f ef 7b 51 8e 65 5f ee 31 2a 9f 38 7f 45 f7 c5 7d 7d 71 3c fb 52 d4 f7 69 c4 b4 25 11 d7 1e c8 bc 92 16 61 79 29 e7 29 33 c2 Data Ascii: Q0s)2(JPKXz3=kWfRkZlW0FX6:R-ZjFXg^DDUuK- ,ykcJ^jf]T1Yw/JS67ce>Ua7qSScUQ`kb^?{Qe_18E}}q<Ri%ay))3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49720	50.6.153.168	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:24 UTC	623	OUT	GET /favicon.ico HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:24 UTC	227	IN	HTTP/1.1 302 Found Date: Sat, 28 Sep 2024 03:45:24 GMT Server: Apache Location: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Content-Length: 239 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-28 03:45:24 UTC	239	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 68 79 2e 73 72 6c 2e 6d 79 62 6c 75 65 68 6f 73 74 2e 6d 65 2f 63 67 69 2d 73 79 73 2f 73 75 73 70 65 6e 64 65 64 70 61 67 65 2e 63 67 69 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49721	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:25 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:45:25 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=219577 Date: Sat, 28 Sep 2024 03:45:25 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49722	50.6.153.168	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:25 UTC	637	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bhy.srl.mybluehost.me/cgi-sys/suspendedpage.cgi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:25 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:45:25 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:45:25 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:45:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:26 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:45:26 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=219606 Date: Sat, 28 Sep 2024 03:45:26 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 03:45:26 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49724	50.6.153.168	443	6532	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:45:26 UTC	370	OUT	GET /cgi-sys/suspendedpage.cgi HTTP/1.1 Host: bhy.srl.mybluehost.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:45:26 UTC	236	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:45:26 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== Transfer-Encoding: chunked Content-Type: text/html
2024-09-28 03:45:26 UTC	953	IN	Data Raw: 33 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 62 6c 75 65 68 6f 73 74 2d 63 64 6e 2e 63 6f 6d 2f 6d 65 64 69 61 2f 75 73 65 72 2f 73 75 73 70 65 6e 64 65 64 5f 61 63 63 6f 75 6e 74 2f 5f 62 68 2f 73 75 73 70 65 6e 64 Data Ascii: 3b2<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="//bluehost-cdn.com/media/user/suspended_account/_bh/suspend
2024-09-28 03:45:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1400, Parent PID: 1012

General

Target ID:	0
Start time:	23:45:14
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6532, Parent PID: 1400

General

Target ID:	2
Start time:	23:45:16
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2004,i,1665198897853646266,5550386564409354201,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6392, Parent PID: 1012

General

Target ID:	3
Start time:	23:45:19
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhy.srl.mybluehost.me/SBB/index"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://bhy.srl.mybluehost.me/SBB/index

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
https://bhy.srl.mybluehost.me/SBB/index