Windows Analysis Report
http://belis.online

Overview

General Information

Sample URL: http://belis.online
Analysis ID: 1417511

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML page contains hidden URLs or javascript code
Stores files to the Windows start menu directory

Classification

Source: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP Parser: Base64 decoded: {"uuid":"b97eb574-ba14-4dc3-9846-2512f9bfb37d","page_time":1711718510,"page_url":"http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ec","page_method":"GET","page_request":{"subid1":"20240330-0021-48f1-8a45-0a281915c9ec"},"page_headers":{}...
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol202%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol313%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol453%26client%3Ddp-bodis30_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww25.belis.online%253Fcaf%2526subid1%253D20240330-0021-48f1-8a45-0a281915c9ec%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2497786236455022%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%252C17301447%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D4641711718511217%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww25.belis.online%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711718511219%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D816%26frm%3D0%26uio%3D-%26cont%3Drs%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fww25.belis.onlin... HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=Ryvh8LZ8N7cDmnxQmOwGYCatQ0rdF5rQIUtQngjDgVCEcCKFtE2Wr3Dn0jRYsNlTuMowDW57W_EqZ381pCRU_YIf4jrdqioF1cFjF6zau1K4cqu8FIoy0RFUc5kc0mDK2hBhg3YcM4Jkq6OZzrF2MzJXZ5qZ2-fKOwi7mXWIEAojoavrmTZWo1H_cleGcJvvbLse2CWMwO-0UoVtjhx9rkvMFczCmdaE2V0OgkwZzYtOkkTbr1OfEiKcJHqGeK-wf1hc-PIlKo9vJ5a_Nn0KgQzLMV4OZSo&cb=x1t9bvgsumy HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=1Agc0O1RLIbLZpKIzcbRqeCBpopI-_xwU_E6pQ8ZUPikGdoCBZkQOfw68hQPnrw7jnPa8YooZXKUaBjRBrWz0hr3DjLwczmy6m5u7xsgs0mqkH7-llcLJghtB09wsZAanTp4V52Upsj2ITqvb-KU5MdbhhSbNgj0uvhRReaN7agYJBLeET32giUBoA6NMZhlEHhOVe9wMb-LtatGuP3fnCGJaZiEJnAyvnS7I9f2_srqZTfFrrUwvdenFbfZr_5umuSjgSgLSv5ebkd_o3Hq7eFLBW4JQhk&cb=qie9q4k65br0 HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D3113057640%26pcsa%3Dfalse%26channel%3Dpid-bodis-gcontrol202%252Cpid-bodis-gcontrol97%252Cpid-bodis-gcontrol313%252Cpid-bodis-gcontrol152%252Cpid-bodis-gcontrol453%26client%3Ddp-bodis30_3ph%26r%3Dm%26sct%3DID%253D6b5e75c2645bbd76%253AT%253D1711718512%253ART%253D1711718512%253AS%253DALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw%26sc_status%3D6%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fww25.belis.online%253Fcaf%2526subid1%253D20240330-0022-05c2-a5db-2edf15066893%26max_radlink_len%3D50%26type%3D3%26uiopt%3Dfalse%26swp%3Das-drid-2497786236455022%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%252C17301447%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D1741711718525757%26num%3D0%26output%3Dafd_ads%26domain_name%3Dww25.belis.online%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D2%26u_tz%3D60%26dt%3D1711718525757%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26p... HTTP Parser: No favicon
Source: http://ww25.belis.online/bfgrqDrIh.js HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dsucuri%2Bsite%2Bscan%26rlz%3D1C1ONGR_enUS1103US1103%26oq%3Dsucuri%2Bsite%2Bscan%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCDIyNDRqMGo3qAIAsAIA%26sourceid%3Dchrome%26ie%3DUTF-8&q=EgRmpTArGN2Bm7AGIjDjc4iT4htEVjJihEacudlYs0beAfJLSSS2iZF4y7rnmzv79jrPTM0_pLkSvQVrOzQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.56.12.114:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 23.56.12.114
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKserver: openrestydate: Fri, 29 Mar 2024 13:21:50 GMTcontent-type: text/html; charset=UTF-8content-encoding: gzipcontent-length: 2637cache-control: no-cachex-version: 2.117.0expires: Thu, 01 Jan 1970 00:00:01 GMTcache-control: no-store, must-revalidatecache-control: post-check=0, pre-check=0pragma: no-cacheset-cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; expires=Fri, 29 Mar 2024 13:36:50 GMT; Max-Age=900; path=/; httponly
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKserver: openrestydate: Fri, 29 Mar 2024 13:22:06 GMTcontent-type: text/html; charset=UTF-8content-encoding: gzipcontent-length: 2637cache-control: no-cachex-version: 2.117.0expires: Thu, 01 Jan 1970 00:00:01 GMTcache-control: no-store, must-revalidatecache-control: post-check=0, pre-check=0pragma: no-cacheset-cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; expires=Fri, 29 Mar 2024 13:37:06 GMT; Max-Age=900; path=/; httponly
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: belis.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bIjYFmKcC.js HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ecAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: global traffic HTTP traffic detected: GET /_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: global traffic HTTP traffic detected: GET /?subid1=20240330-0022-05c2-a5db-2edf15066893 HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /bKzqzpOlR.js HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww25.belis.online/?subid1=20240330-0022-05c2-a5db-2edf15066893Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /_fd?subid1=20240330-0022-05c2-a5db-2edf15066893 HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww25.belis.online/?subid1=20240330-0022-05c2-a5db-2edf15066893Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /bfgrqDrIh.js HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://ww25.belis.online/bfgrqDrIh.jsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d; __gsas=ID=6b5e75c2645bbd76:T=1711718512:RT=1711718512:S=ALNI_MaSk4hcUGpaQmS4rq4j8LZ_OOEhzw
Source: unknown DNS traffic detected: queries for: belis.online
Source: unknown HTTP traffic detected: POST /_fd?subid1=20240330-0021-48f1-8a45-0a281915c9ec HTTP/1.1Host: ww25.belis.onlineConnection: keep-aliveContent-Length: 0Accept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonOrigin: http://ww25.belis.onlineReferer: http://ww25.belis.online/?subid1=20240330-0021-48f1-8a45-0a281915c9ecAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=b97eb574-ba14-4dc3-9846-2512f9bfb37d
Source: classification engine Classification label: clean1.win@24/20@19/213
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://belis.online/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1960,i,13513610279328154140,15974765438364974475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk