Windows Analysis Report
Vertex Business Services_SKM_C950633210_650106.pdf

Overview

General Information

Sample name: Vertex Business Services_SKM_C950633210_650106.pdf
Analysis ID: 1467004
MD5: 00d3f7cdd212350ef6cec0e6464cbfb9
SHA1: ebea11f9441b7e975bb441b75c60f84ca324be87
SHA256: 24818257860a7e2be12ec7d91db5a96a11f99d7547164cc631073f24c69a8413
Infos:

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Yara detected HtmlPhish10
Yara detected HtmlPhish62
AI detected suspicious PDF
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML page contains hidden URLs or javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing
barindex
AI detected phishing page
Source: https://smartcart.com.ru LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://smartcart.com.ru' is highly suspicious as it does not match the legitimate domain 'microsoft.com' associated with the Microsoft brand. The page displays a prominent login form, which is a common tactic used in phishing attacks. Additionally, the presence of a suspicious link ('Create one!') and the use of social engineering techniques (e.g., mimicking the Microsoft login page) further indicate that this is likely a phishing site. DOM: 0.7.pages.csv
Yara detected HtmlPhish10
Source: Yara match File source: 0.7.pages.csv, type: HTML
Source: Yara match File source: 0.6.pages.csv, type: HTML
Yara detected HtmlPhish62
Source: Yara match File source: 0.7.pages.csv, type: HTML
Source: Yara match File source: 0.6.pages.csv, type: HTML
Phishing site detected (based on logo match)
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t Matcher: Template: microsoft matched
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: Number of links: 0
HTML body with high number of embedded images detected
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: Total embedded image size: 45708
HTML page contains hidden URLs or javascript code
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: Base64 decoded: https://korrespondenzanwalt.msk.ru///4067.php
HTML title does not match URL
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: Title: reliable does not match URL
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No favicon
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No favicon
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No favicon
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP Parser: No favicon
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No <meta name="author".. found
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No <meta name="author".. found
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No <meta name="copyright".. found
Source: https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:53015 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:53055 version: TLS 1.2
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.4:53014 -> 1.1.1.1:53
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View IP Address: 104.17.24.14 104.17.24.14
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yU6tMXfoY8W3ma8&MD=khHT6oe5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /NqjcA/ HTTP/1.1Host: smartcart.com.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/d2a97f6b6ec9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d786589a36422b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: smartcart.com.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://smartcart.com.ru/NqjcA/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=iv4s3otrlfmth5s5ofe6ulf9a1
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/767211665:1720012542:UJm5YzHmj9cuuDszlMGBLVcD4U0ICVMJy3cqQFL5po8/89d786589a36422b/62e61516ddb07b4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d786589a36422b/1720016517594/SQAG7FH5FNKplEC HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d786589a36422b/1720016517594/SQAG7FH5FNKplEC HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/89d786589a36422b/1720016517596/6a820e37863bba0c78d5852765ec22fa344624eef4de8561413100798b3ddbac/EyOLZfsS1q-4hb7 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/767211665:1720012542:UJm5YzHmj9cuuDszlMGBLVcD4U0ICVMJy3cqQFL5po8/89d786589a36422b/62e61516ddb07b4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yU6tMXfoY8W3ma8&MD=khHT6oe5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7896ddbcf41e9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1652223767:1720012280:jpt2xJOuqh3Yxs0ZPjNUWuCmil57JX1IIJjPp5L34mE/89d7896ddbcf41e9/dba20c165b8c3c9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7896ddbcf41e9/1720016644189/u1VDXhBiv2-2_Ew HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/89d7896ddbcf41e9/1720016644189/u1VDXhBiv2-2_Ew HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/89d7896ddbcf41e9/1720016644190/b827cdac8873e1fd53b1ae41f3f681856307741a9b26c7bdec38a086f18ce7e3/zDYEhy7E3og3zmG HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1652223767:1720012280:jpt2xJOuqh3Yxs0ZPjNUWuCmil57JX1IIJjPp5L34mE/89d7896ddbcf41e9/dba20c165b8c3c9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1652223767:1720012280:jpt2xJOuqh3Yxs0ZPjNUWuCmil57JX1IIJjPp5L34mE/89d7896ddbcf41e9/dba20c165b8c3c9 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /NqjcA/, HTTP/1.1Host: smartcart.com.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://smartcart.com.ru/NqjcA/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=iv4s3otrlfmth5s5ofe6ulf9a1
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://smartcart.com.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET // HTTP/1.1Host: korrespondenzanwalt.msk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET ///4067.php HTTP/1.1Host: korrespondenzanwalt.msk.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: smartcart.com.ru
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: korrespondenzanwalt.msk.ru
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/767211665:1720012542:UJm5YzHmj9cuuDszlMGBLVcD4U0ICVMJy3cqQFL5po8/89d786589a36422b/62e61516ddb07b4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2949sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 62e61516ddb07b4sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:21:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bcGUJh5FE1UOjggcsB6dfG1fVqDsUymwmfUUQZrk%2Fhni97ebRqErqQgnoYWZH%2Fg%2Fa8bBUJ0CFi%2B%2FVq6B0Kllc6IxenGSuHvbRKw5etA714LfQDUFftrax8nAf5ECrkuxeXwy"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d786628b329e02-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:21:58 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: FsoLm779ZT/DN00JqkLFFg==$cLt2fVvr43pjlINHQInzXQ==Server: cloudflareCF-RAY: 89d786691d9d8cc8-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:22:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: f6gsJKzcGGtaqZL+wUJQ8A==$c5Cgqaqsdt+3pmto8IbmvA==Server: cloudflareCF-RAY: 89d78680883b43bf-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:24:05 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: QTQVGR5AUIpgXi0vljPlfA==$WbXri7/qCYUsOVTwRALPxw==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89d789803d0b7cb4-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:24:08 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 3xREasO52Cm9Wiot1dJ6qQ==$ZF50bYHepCHGA78ZiI214g==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89d789941f6d427c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:24:24 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: qPB+so0SOC75Fyk8Xb6HVA==$QidyvK5TqJ+d8U+W7okOPA==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 89d789f65b350c7a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 14:24:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Z%2B2mqucgiqISdthkfK4ykkg%2F431UyRBvwTXQ8Z8kHmYNNwaN8vsSXx8yveYmCfPjGRrdAe10CEjizOhlqyyiwwk9jd9OZQa9zbWBoImGx18xYMVFmqHGHIIrvcqqMobJzgp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d78a168a4f4407-EWRalt-svc: h3=":443"; ma=86400
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_205.10.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_205.10.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_205.10.dr String found in binary or memory: https://code.jquery.com/jquery-3.5.1.slim.min.js
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#about
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#classic-cars
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#contact
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#electric-vehicles
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#faq
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#learn-more
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#modern-supercars
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#privacy
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#services
Source: chromecache_205.10.dr String found in binary or memory: https://korrespondenzanwalt.msk.ru/#terms
Source: chromecache_205.10.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Source: chromecache_205.10.dr String found in binary or memory: https://www.carlogos.org/uploads/2023/most-bought-super-cars-in-illinois-huracan.jpg
Source: chromecache_205.10.dr String found in binary or memory: https://www.topgear.com/sites/default/files/2021/12/18.%20Koenigsegg%20Jesko.jpeg
Source: chromecache_205.10.dr String found in binary or memory: https://www.topgear.com/sites/default/files/2024/02/ioniq5n.jpeg
Source: unknown Network traffic detected: HTTP traffic on port 53046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53069 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53047
Source: unknown Network traffic detected: HTTP traffic on port 53033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53046
Source: unknown Network traffic detected: HTTP traffic on port 53062 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53055
Source: unknown Network traffic detected: HTTP traffic on port 53066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53059 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 53043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53015
Source: unknown Network traffic detected: HTTP traffic on port 53032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53059
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53057
Source: unknown Network traffic detected: HTTP traffic on port 53070 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53062
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53061
Source: unknown Network traffic detected: HTTP traffic on port 53063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53060
Source: unknown Network traffic detected: HTTP traffic on port 53035 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53066
Source: unknown Network traffic detected: HTTP traffic on port 53039 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53063
Source: unknown Network traffic detected: HTTP traffic on port 53067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53026
Source: unknown Network traffic detected: HTTP traffic on port 53031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53068
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53067
Source: unknown Network traffic detected: HTTP traffic on port 53015 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53073
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53071
Source: unknown Network traffic detected: HTTP traffic on port 53060 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53070
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53077
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53032
Source: unknown Network traffic detected: HTTP traffic on port 53064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53031
Source: unknown Network traffic detected: HTTP traffic on port 53057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53075
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53074
Source: unknown Network traffic detected: HTTP traffic on port 53041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53076 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53068 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53036
Source: unknown Network traffic detected: HTTP traffic on port 53055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53079
Source: unknown Network traffic detected: HTTP traffic on port 53034 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53078
Source: unknown Network traffic detected: HTTP traffic on port 53030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53039
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53040
Source: unknown Network traffic detected: HTTP traffic on port 53061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53044
Source: unknown Network traffic detected: HTTP traffic on port 53065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53043
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53041
Source: unknown Network traffic detected: HTTP traffic on port 53044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53080
Source: unknown Network traffic detected: HTTP traffic on port 53040 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:53015 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:53055 version: TLS 1.2
Source: classification engine Classification label: mal80.phis.winPDF@44/65@22/11
Source: Vertex Business Services_SKM_C950633210_650106.pdf Initial sample: https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9zbWFydGNhcnQuY29tLnJ1L05xamNBLw==#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t
Source: Vertex Business Services_SKM_C950633210_650106.pdf Initial sample: https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1ahr0chm6ly9zbwfydgnhcnquy29tlnj1l05xamnblw==#rbwfya2v0aw5nqhdhdgvyc21hcnquy29t
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 10-21-27-713.log Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Vertex Business Services_SKM_C950633210_650106.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,12120855588788199113,17922120396274843957,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://r%2eg%2eb%69ng%2ecom/bam/ac?!&&u=a1aHR0cHM6Ly9zbWFydGNhcnQuY29tLnJ1L05xamNBLw==#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,12594523878438319021,7890477079520366463,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,12120855588788199113,17922120396274843957,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,12594523878438319021,7890477079520366463,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Vertex Business Services_SKM_C950633210_650106.pdf Initial sample: PDF keyword /JS count = 0
Source: Vertex Business Services_SKM_C950633210_650106.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Vertex Business Services_SKM_C950633210_650106.pdf Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior
barindex
AI detected suspicious PDF
Source: PDF shot LLM: Score: 8 Reasons: The PDF document contains a visually prominent 'View Documents' button, which is a common tactic used in phishing attempts to lure users into clicking on potentially harmful links. The text 'Please review and sign your document below' creates a sense of urgency, prompting the user to take immediate action. Additionally, the document impersonates well-known brands such as DocuSign and Outlook, which adds a layer of credibility to the phishing attempt. The combination of urgency and brand impersonation significantly increases the risk of phishing.
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467004 Sample: Vertex Business Services_SK... Startdate: 03/07/2024 Architecture: WINDOWS Score: 80 20 code.jquery.com 2->20 34 Antivirus detection for URL or domain 2->34 36 AI detected phishing page 2->36 38 Yara detected HtmlPhish62 2->38 40 3 other signatures 2->40 8 chrome.exe 1 2->8         started        11 Acrobat.exe 20 72 2->11         started        signatures3 process4 dnsIp5 22 192.168.2.16 unknown unknown 8->22 24 192.168.2.4, 138, 443, 49499 unknown unknown 8->24 26 239.255.255.250 unknown Reserved 8->26 13 chrome.exe 8->13         started        16 AcroCEF.exe 106 11->16         started        process6 dnsIp7 28 smartcart.com.ru 104.21.71.69, 443, 53026, 53035 CLOUDFLARENETUS United States 13->28 30 www.google.com 142.250.185.164, 443, 53031, 53057 GOOGLEUS United States 13->30 32 6 other IPs or domains 13->32 18 AcroCEF.exe 2 16->18         started        process8
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.71.69
 smartcart.com.ru United States
13335 CLOUDFLARENETUS true
104.17.3.184
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
142.250.185.164
 www.google.com United States
15169 GOOGLEUS false
104.21.49.92
 korrespondenzanwalt.msk.ru United States
13335 CLOUDFLARENETUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
151.101.194.137
 code.jquery.com United States
54113 FASTLYUS false
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.17.2.184
 unknown United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.16
192.168.2.4

Contacted Domains

Name IP Active
smartcart.com.ru 104.21.71.69 true
a.nel.cloudflare.com 35.190.80.1 true
code.jquery.com 151.101.194.137 true
cdnjs.cloudflare.com 104.17.24.14 true
challenges.cloudflare.com 104.17.3.184 true
www.google.com 142.250.185.164 true
korrespondenzanwalt.msk.ru 104.21.49.92 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://smartcart.com.ru/NqjcA/, true
  • Avira URL Cloud: safe
 unknown
https://code.jquery.com/jquery-3.6.0.min.js false
  • URL Reputation: safe
 unknown
https://challenges.cloudflare.com/turnstile/v0/api.js false
  • Avira URL Cloud: safe
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/89d7896ddbcf41e9/1720016644190/b827cdac8873e1fd53b1ae41f3f681856307741a9b26c7bdec38a086f18ce7e3/zDYEhy7E3og3zmG false
  • Avira URL Cloud: safe
 unknown
https://challenges.cloudflare.com/turnstile/v0/g/d2a97f6b6ec9/api.js false
  • Avira URL Cloud: safe
 unknown
https://korrespondenzanwalt.msk.ru///4067.php false
  • Avira URL Cloud: safe
 unknown
https://smartcart.com.ru/favicon.ico true
  • Avira URL Cloud: safe
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d7896ddbcf41e9 false
  • Avira URL Cloud: safe
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=89d786589a36422b false
  • Avira URL Cloud: safe
 unknown
https://a.nel.cloudflare.com/report/v4?s=bcGUJh5FE1UOjggcsB6dfG1fVqDsUymwmfUUQZrk%2Fhni97ebRqErqQgnoYWZH%2Fg%2Fa8bBUJ0CFi%2B%2FVq6B0Kllc6IxenGSuHvbRKw5etA714LfQDUFftrax8nAf5ECrkuxeXwy false
  • Avira URL Cloud: safe
 unknown
https://smartcart.com.ru/NqjcA/#RbWFya2V0aW5nQHdhdGVyc21hcnQuY29t true
  • SlashNext: Credential Stealing type: Phishing & Social Engineering
 unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hj099/0x4AAAAAAAeMifHbAAodRcAd/auto/normal false
    		unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D false
    • URL Reputation: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/767211665:1720012542:UJm5YzHmj9cuuDszlMGBLVcD4U0ICVMJy3cqQFL5po8/89d786589a36422b/62e61516ddb07b4 false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1652223767:1720012280:jpt2xJOuqh3Yxs0ZPjNUWuCmil57JX1IIJjPp5L34mE/89d7896ddbcf41e9/dba20c165b8c3c9 false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d786589a36422b/1720016517594/SQAG7FH5FNKplEC false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d7896ddbcf41e9/1720016644189/u1VDXhBiv2-2_Ew false
    • Avira URL Cloud: safe
    		 unknown
    https://a.nel.cloudflare.com/report/v4?s=7Z%2B2mqucgiqISdthkfK4ykkg%2F431UyRBvwTXQ8Z8kHmYNNwaN8vsSXx8yveYmCfPjGRrdAe10CEjizOhlqyyiwwk9jd9OZQa9zbWBoImGx18xYMVFmqHGHIIrvcqqMobJzgp false
    • Avira URL Cloud: safe
    		 unknown
    https://korrespondenzanwalt.msk.ru// false
    • Avira URL Cloud: safe
    		 unknown
    https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/89d786589a36422b/1720016517596/6a820e37863bba0c78d5852765ec22fa344624eef4de8561413100798b3ddbac/EyOLZfsS1q-4hb7 false
    • Avira URL Cloud: safe
    		 unknown
    https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js false
    • Avira URL Cloud: safe
    		 unknown
    https://smartcart.com.ru/NqjcA/ true
    • Avira URL Cloud: safe
    		 unknown