Edit tour

Windows Analysis Report
https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriΡtionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQub

Overview

General Information

Sample URL:	https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriΡtionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=2
Analysis ID:	1604910
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2208,i,8152583084134761886,11834052594652706973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html	Avira URL Cloud: Label: phishing
Source: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/favicon.ico	Avira URL Cloud: Label: malware

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: f6p4fxqv.r.us-east-1.awstrack.me to https://www.penguinrandomhouse.com/singlepref/unsubscribe?subscriptionguid=69f89be7d7330ce7e0534fd66b0aef04&preferenceid=85001&preferencekey=26961&target=https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html#dmfoawqubwfszwtpqgfyewfzyxnvbc5jb20=

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410 HTTP/1.1Host: f6p4fxqv.r.us-east-1.awstrack.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /singlepref/unsubscribe?SubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04&PreferenceId=85001&PreferenceKey=26961&target=https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html HTTP/1.1Host: www.penguinrandomhouse.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b4.html HTTP/1.1Host: ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: f6p4fxqv.r.us-east-1.awstrack.me
Source: global traffic	DNS traffic detected: DNS query: www.penguinrandomhouse.com
Source: global traffic	DNS traffic detected: DNS query: ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 02 Feb 2025 05:26:14 GMTContent-Type: application/xmlContent-Length: 244Connection: closex-amz-request-id: tx000000a4093a9823ab7a9-00679f01f6-9c36dd7d-defaultAccept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 02 Feb 2025 05:26:15 GMTContent-Type: application/xmlContent-Length: 244Connection: closex-amz-request-id: tx000005c160596e33b47b3-00679f01f7-9bc92673-defaultAccept-Ranges: bytes

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: classification engine

Classification label: mal48.win@17/4@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2208,i,8152583084134761886,11834052594652706973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2208,i,8152583084134761886,11834052594652706973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html	100%	Avira URL Cloud	phishing
https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.penguinrandomhouse.com	13.32.99.20	true	false	high
us-lax-1.linodeobjects.com.akadns.net	172.233.158.186	true	false	unknown
www.google.com	142.250.185.68	true	false	high
baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com	34.199.56.108	true	false	high
ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com	unknown	unknown	false	unknown
f6p4fxqv.r.us-east-1.awstrack.me	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html	false	Avira URL Cloud: phishing	unknown
https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410	false		unknown
https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://www.penguinrandomhouse.com/singlepref/unsubscribe?SubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04&PreferenceId=85001&PreferenceKey=26961&target=https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
34.199.56.108	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.32.99.20	www.penguinrandomhouse.com	United States	16509	AMAZON-02US	false
172.233.158.186	us-lax-1.linodeobjects.com.akadns.net	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1604910
Start date and time:	2025-02-02 06:25:00 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriΡtionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/4@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.110, 108.177.15.84, 216.58.206.78, 142.250.184.206, 142.250.186.174, 199.232.210.172, 2.23.77.188, 142.250.186.78, 142.250.186.46, 172.217.18.14, 142.250.186.142, 142.250.185.142, 216.58.206.67, 142.250.184.238, 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://f6p4fxqv.r.us-east-1.awstrack.me Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://f6p4fxqv.r.us-east-1.awstrack.me' does not appear to be attempting to spoof a known brand. The domain 'awstrack.me' is commonly associated with AWS (Amazon Web Services) tracking links, which are used for legitimate purposes such as tracking email opens or clicks. The subdomain 'f6p4fxqv.r.us-east-1' seems to be a unique identifier, likely for tracking purposes, and does not resemble any known brand. There are no visual character substitutions or structural changes that suggest typosquatting. The use of 'us-east-1' is a common AWS region identifier, further supporting the legitimate use of this URL for AWS-related services."}
URL: https://f6p4fxqv.r.us-east-1.awstrack.me
URL: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com' does not exhibit any clear visual or structural similarities to a known brand. The domain 'linodeobjects.com' is associated with Linode, a cloud hosting provider, and the subdomain appears to be a randomly generated string, likely used for a specific object or resource within Linode's infrastructure. There are no character substitutions or misleading elements that suggest an attempt to mimic a well-known brand. The use of 'us-lax-1' indicates a regional server location, which is common in cloud services. Overall, there is no evidence of typosquatting or user confusion in this URL."}
URL: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	244
Entropy (8bit):	5.335804085538883
Encrypted:	false
SSDEEP:	6:TMVBd/IqZjvGgnQSIcNzBhi7cK52baKjFan:TMHd1Bv1r+ceGaKa
MD5:	3B9E7782180561BAC30A884D0AC6263D
SHA1:	EF05DC79215C53534E6EF7C3D4F00A98B2D07C90
SHA-256:	9B7BEE9EFC5F710647DFFCF83C3DDC19BDB6ECBC2678B0FF06A71EE2BDC918D5
SHA-512:	C45D5F2D79092E34132039D7D95BD4C14E8A0DC436D499EE6EC97F8B7D01A68736825DB8F4C5F680066CABA32D8E19F7633F087C193C526DBFC1920F7AD102A2
Malicious:	false
Reputation:	low
URL:	https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>UserSuspended</Code><BucketName>ioplkauw-iwiwkkw-29282wjw</BucketName><RequestId>tx000005c160596e33b47b3-00679f01f7-9bc92673-default</RequestId><HostId>9bc92673-default-default</HostId></Error>

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	244
Entropy (8bit):	5.251408988568035
Encrypted:	false
SSDEEP:	6:TMVBd/IqZjvGgnQSIcNzBh8iADX52n0DXjFan:TMHd1Bv1reLDpbDZa
MD5:	0545222634BC006B927D5956E562B79B
SHA1:	E3B375C3DACBBFB53E4C2DFEAD2C33E0919AB4B1
SHA-256:	3BE983495A8D3B7BDC23A9C56152D49A460C78D858C5B4A9C32178D75BE20AB1
SHA-512:	AC4450B5061DD5521C51F81574C995BE0EF8FCB4270D029563E04C81349B4AFE38DAD71ED5820F5D2DD3F9CB8B822BFF91E6FCF730DE4FB6AE016EDE5021F4F5
Malicious:	false
Reputation:	low
URL:	https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>UserSuspended</Code><BucketName>ioplkauw-iwiwkkw-29282wjw</BucketName><RequestId>tx000000a4093a9823ab7a9-00679f01f6-9c36dd7d-default</RequestId><HostId>9c36dd7d-default-default</HostId></Error>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2025 06:25:50.357917070 CET	49675	443	192.168.2.4	173.222.162.32
Feb 2, 2025 06:26:00.154783010 CET	49675	443	192.168.2.4	173.222.162.32
Feb 2, 2025 06:26:03.021334887 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.021383047 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.021455050 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.021686077 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.021699905 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.663616896 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.663996935 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.664016962 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.665056944 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.665126085 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.666661024 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.666738987 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.716026068 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:03.716033936 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:03.762866020 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:06.988765955 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.988797903 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:06.988923073 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.989290953 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.989340067 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:06.989394903 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.989589930 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.989600897 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:06.989664078 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:06.989684105 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.578488111 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.584115982 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.622580051 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.634664059 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.685944080 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.685969114 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.686099052 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.686113119 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.687294006 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.687376022 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.690078020 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.690143108 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.714595079 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.714714050 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.715651989 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.715665102 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.715835094 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.715984106 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.770076990 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.770109892 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.770137072 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.816464901 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.870024920 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.870114088 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.870165110 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.870587111 CET	49741	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:07.870609999 CET	443	49741	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:07.892015934 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:07.892061949 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:07.892119884 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:07.892338037 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:07.892357111 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.622129917 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.622468948 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:08.622493029 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.623565912 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.623626947 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:08.624967098 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:08.625044107 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.625206947 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:08.625219107 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:08.671902895 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:13.566921949 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:13.566981077 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:13.567059994 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:13.687005043 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:13.687241077 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:13.687335014 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:13.687453985 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:13.687475920 CET	443	49743	13.32.99.20	192.168.2.4
Feb 2, 2025 06:26:13.687484980 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:13.687527895 CET	49743	443	192.168.2.4	13.32.99.20
Feb 2, 2025 06:26:13.689450979 CET	49737	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:26:13.689475060 CET	443	49737	142.250.185.68	192.168.2.4
Feb 2, 2025 06:26:13.721287966 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:13.721319914 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:13.721410036 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:13.721647024 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:13.721653938 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.052619934 CET	49723	80	192.168.2.4	199.232.214.172
Feb 2, 2025 06:26:14.057631969 CET	80	49723	199.232.214.172	192.168.2.4
Feb 2, 2025 06:26:14.057706118 CET	49723	80	192.168.2.4	199.232.214.172
Feb 2, 2025 06:26:14.310307980 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.310635090 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.310657024 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.312134027 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.312192917 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.313468933 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.313535929 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.313642979 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.313651085 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.364726067 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.529083014 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.529198885 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.529262066 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.530793905 CET	49746	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.530808926 CET	443	49746	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.613486052 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.613543987 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:14.613646030 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.614100933 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:14.614114046 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.227330923 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.227663040 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:15.227688074 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.228209019 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.228564978 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:15.228646994 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.228770971 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:15.275330067 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.541913986 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.542031050 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:15.542092085 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:15.543045998 CET	49749	443	192.168.2.4	172.233.158.186
Feb 2, 2025 06:26:15.543060064 CET	443	49749	172.233.158.186	192.168.2.4
Feb 2, 2025 06:26:38.289238930 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:38.289319992 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:26:38.289375067 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:39.265746117 CET	49742	443	192.168.2.4	34.199.56.108
Feb 2, 2025 06:26:39.265760899 CET	443	49742	34.199.56.108	192.168.2.4
Feb 2, 2025 06:27:02.638631105 CET	49724	80	192.168.2.4	199.232.214.172
Feb 2, 2025 06:27:02.643779039 CET	80	49724	199.232.214.172	192.168.2.4
Feb 2, 2025 06:27:02.643872976 CET	49724	80	192.168.2.4	199.232.214.172
Feb 2, 2025 06:27:03.046261072 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:03.046287060 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.046358109 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:03.046585083 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:03.046595097 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.681323051 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.681732893 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:03.681745052 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.682207108 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.682575941 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:03.682657957 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:03.732192039 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:13.631628990 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:13.631690025 CET	443	49821	142.250.185.68	192.168.2.4
Feb 2, 2025 06:27:13.631846905 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:15.271820068 CET	49821	443	192.168.2.4	142.250.185.68
Feb 2, 2025 06:27:15.271836042 CET	443	49821	142.250.185.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2025 06:26:00.840385914 CET	53	51742	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:00.846944094 CET	53	51749	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:01.871794939 CET	53	57455	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:03.003242970 CET	57888	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:03.006810904 CET	53943	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:03.009944916 CET	53	57888	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:03.013411045 CET	53	53943	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:06.961822987 CET	51229	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:06.962040901 CET	53802	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:06.969377995 CET	53	53802	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:06.987925053 CET	53	51229	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:07.873313904 CET	50615	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:07.873454094 CET	51764	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:07.882965088 CET	53	51764	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:07.891448021 CET	53	50615	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:13.690031052 CET	49446	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:13.690262079 CET	58735	53	192.168.2.4	1.1.1.1
Feb 2, 2025 06:26:13.708266020 CET	53	49446	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:13.736521006 CET	53	58735	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:14.135574102 CET	138	138	192.168.2.4	192.168.2.255
Feb 2, 2025 06:26:18.914216042 CET	53	57140	1.1.1.1	192.168.2.4
Feb 2, 2025 06:26:38.006177902 CET	53	49550	1.1.1.1	192.168.2.4
Feb 2, 2025 06:27:00.490498066 CET	53	61525	1.1.1.1	192.168.2.4
Feb 2, 2025 06:27:00.633151054 CET	53	51912	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 2, 2025 06:26:13.736597061 CET	192.168.2.4	1.1.1.1	c28a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 2, 2025 06:26:03.003242970 CET	192.168.2.4	1.1.1.1	0x818c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:03.006810904 CET	192.168.2.4	1.1.1.1	0x7ed2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 2, 2025 06:26:06.961822987 CET	192.168.2.4	1.1.1.1	0xe30a	Standard query (0)	f6p4fxqv.r.us-east-1.awstrack.me	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.962040901 CET	192.168.2.4	1.1.1.1	0x6c1e	Standard query (0)	f6p4fxqv.r.us-east-1.awstrack.me	65	IN (0x0001)	false
Feb 2, 2025 06:26:07.873313904 CET	192.168.2.4	1.1.1.1	0x48a4	Standard query (0)	www.penguinrandomhouse.com	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:07.873454094 CET	192.168.2.4	1.1.1.1	0x5650	Standard query (0)	www.penguinrandomhouse.com	65	IN (0x0001)	false
Feb 2, 2025 06:26:13.690031052 CET	192.168.2.4	1.1.1.1	0x70bc	Standard query (0)	ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.690262079 CET	192.168.2.4	1.1.1.1	0x977b	Standard query (0)	ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 2, 2025 06:26:03.009944916 CET	1.1.1.1	192.168.2.4	0x818c	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:03.013411045 CET	1.1.1.1	192.168.2.4	0x7ed2	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 2, 2025 06:26:06.969377995 CET	1.1.1.1	192.168.2.4	0x6c1e	No error (0)	f6p4fxqv.r.us-east-1.awstrack.me	r.us-east-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.969377995 CET	1.1.1.1	192.168.2.4	0x6c1e	No error (0)	r.us-east-1.awstrack.me	r.delegate.us-east-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.969377995 CET	1.1.1.1	192.168.2.4	0x6c1e	No error (0)	r.delegate.us-east-1.awstrack.me	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	f6p4fxqv.r.us-east-1.awstrack.me	r.us-east-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	r.us-east-1.awstrack.me	r.delegate.us-east-1.awstrack.me		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	r.delegate.us-east-1.awstrack.me	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		34.199.56.108	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		35.168.217.27	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		3.233.29.100	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		52.21.129.197	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		3.227.123.195	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		23.22.184.139	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		35.170.141.24	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:06.987925053 CET	1.1.1.1	192.168.2.4	0xe30a	No error (0)	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com		23.21.125.118	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:07.891448021 CET	1.1.1.1	192.168.2.4	0x48a4	No error (0)	www.penguinrandomhouse.com		13.32.99.20	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:07.891448021 CET	1.1.1.1	192.168.2.4	0x48a4	No error (0)	www.penguinrandomhouse.com		13.32.99.92	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:07.891448021 CET	1.1.1.1	192.168.2.4	0x48a4	No error (0)	www.penguinrandomhouse.com		13.32.99.125	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:07.891448021 CET	1.1.1.1	192.168.2.4	0x48a4	No error (0)	www.penguinrandomhouse.com		13.32.99.9	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com	us-lax-1.linodeobjects.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com	us-lax-1.linodeobjects.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.158.186	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.143.169	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.146.27	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.235.36.35	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.235.36.248	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.143.248	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.156.112	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.143.207	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.235.36.68	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.154.81	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.233.143.236	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.708266020 CET	1.1.1.1	192.168.2.4	0x70bc	No error (0)	us-lax-1.linodeobjects.com.akadns.net		172.235.36.26	A (IP address)	IN (0x0001)	false
Feb 2, 2025 06:26:13.736521006 CET	1.1.1.1	192.168.2.4	0x977b	No error (0)	ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com	us-lax-1.linodeobjects.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2025 06:26:13.736521006 CET	1.1.1.1	192.168.2.4	0x977b	No error (0)	us-lax-1.linodeobjects.com	us-lax-1.linodeobjects.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

f6p4fxqv.r.us-east-1.awstrack.me

www.penguinrandomhouse.com

ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	34.199.56.108	443	560	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-02 05:26:07 UTC	1056	OUT	GET /L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410 HTTP/1.1 Host: f6p4fxqv.r.us-east-1.awstrack.me Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-02 05:26:07 UTC	368	IN	HTTP/1.1 302 Found Date: Sun, 02 Feb 2025 05:26:07 GMT Location: https://www.penguinrandomhouse.com/singlepref/unsubscribe?SubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04&PreferenceId=85001&PreferenceKey=26961&target=https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html#dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20= Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	13.32.99.20	443	560	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-02 05:26:08 UTC	856	OUT	GET /singlepref/unsubscribe?SubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04&PreferenceId=85001&PreferenceKey=26961&target=https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html HTTP/1.1 Host: www.penguinrandomhouse.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-02 05:26:13 UTC	967	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Sun, 02 Feb 2025 05:26:13 GMT Strict-Transport-Security: max-age=31536000; includeSubdomains Referrer-Policy: strict-origin Server: nginx X-Prh-Unsubscribe: unsub pref failed Location: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html X-XSS-Protection: 1 Content-Security-Policy: frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ .penguinrandomhouse.com .dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com X-Content-Type-Options: nosniff X-Cache: Miss from cloudfront Via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P3 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: VRf-0r6Z3xpsDT8Qy_R_ENsdntdHVa8NNHjHWw0ellsHTjS9nRksng==
2025-02-02 05:26:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49746	172.233.158.186	443	560	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-02 05:26:14 UTC	702	OUT	GET /b4.html HTTP/1.1 Host: ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-02 05:26:14 UTC	227	IN	HTTP/1.1 403 Forbidden Date: Sun, 02 Feb 2025 05:26:14 GMT Content-Type: application/xml Content-Length: 244 Connection: close x-amz-request-id: tx000000a4093a9823ab7a9-00679f01f6-9c36dd7d-default Accept-Ranges: bytes
2025-02-02 05:26:14 UTC	244	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 55 73 65 72 53 75 73 70 65 6e 64 65 64 3c 2f 43 6f 64 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 69 6f 70 6c 6b 61 75 77 2d 69 77 69 77 6b 6b 77 2d 32 39 32 38 32 77 6a 77 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 74 78 30 30 30 30 30 30 61 34 30 39 33 61 39 38 32 33 61 62 37 61 39 2d 30 30 36 37 39 66 30 31 66 36 2d 39 63 33 36 64 64 37 64 2d 64 65 66 61 75 6c 74 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 39 63 33 36 64 64 37 64 2d 64 65 66 61 75 6c 74 2d 64 65 66 61 75 6c 74 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>UserSuspended</Code><BucketName>ioplkauw-iwiwkkw-29282wjw</BucketName><RequestId>tx000000a4093a9823ab7a9-00679f01f6-9c36dd7d-default</RequestId><HostId>9c36dd7d-default-default</HostId></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49749	172.233.158.186	443	560	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-02 05:26:15 UTC	667	OUT	GET /favicon.ico HTTP/1.1 Host: ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com/b4.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-02 05:26:15 UTC	227	IN	HTTP/1.1 403 Forbidden Date: Sun, 02 Feb 2025 05:26:15 GMT Content-Type: application/xml Content-Length: 244 Connection: close x-amz-request-id: tx000005c160596e33b47b3-00679f01f7-9bc92673-default Accept-Ranges: bytes
2025-02-02 05:26:15 UTC	244	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 55 73 65 72 53 75 73 70 65 6e 64 65 64 3c 2f 43 6f 64 65 3e 3c 42 75 63 6b 65 74 4e 61 6d 65 3e 69 6f 70 6c 6b 61 75 77 2d 69 77 69 77 6b 6b 77 2d 32 39 32 38 32 77 6a 77 3c 2f 42 75 63 6b 65 74 4e 61 6d 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 74 78 30 30 30 30 30 35 63 31 36 30 35 39 36 65 33 33 62 34 37 62 33 2d 30 30 36 37 39 66 30 31 66 37 2d 39 62 63 39 32 36 37 33 2d 64 65 66 61 75 6c 74 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 39 62 63 39 32 36 37 33 2d 64 65 66 61 75 6c 74 2d 64 65 66 61 75 6c 74 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>UserSuspended</Code><BucketName>ioplkauw-iwiwkkw-29282wjw</BucketName><RequestId>tx000005c160596e33b47b3-00679f01f7-9bc92673-default</RequestId><HostId>9bc92673-default-default</HostId></Error>

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5064, Parent PID: 1068

General

Target ID:	0
Start time:	00:25:55
Start date:	02/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 560, Parent PID: 5064

General

Target ID:	2
Start time:	00:25:57
Start date:	02/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2208,i,8152583084134761886,11834052594652706973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6616, Parent PID: 1068

General

Target ID:	3
Start time:	00:26:06
Start date:	02/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://f6p4fxqv.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.penguinrandomhouse.com%2Fsinglepref%2Funsubscribe%3FSubscriptionGuid=69F89BE7D7330CE7E0534FD66B0AEF04%26PreferenceId=85001%26PreferenceKey=26961%26target=https:%2F%2Fioplkauw-iwiwkkw-29282wjw.us-lax-1.linodeobjects.com%2Fb4.html%23dmFoaWQubWFsZWtpQGFyeWFzYXNvbC5jb20=/1/01000194a92e94f2-f7288fec-a96c-42b8-bfff-ff55db5a5f1d-000000/_CWT2U-lHFJ9BiK4LN4DTLctxc0=410"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5064, Parent PID: 1068

General

Chronological Activities

Analysis Process: chrome.exePID: 560, Parent PID: 5064

General

Chronological Activities

Analysis Process: chrome.exePID: 6616, Parent PID: 1068

General

Chronological Activities

Disassembly