Edit tour

Windows Analysis Report
https://vetero-air-spb.ru/wp-includes/page

Overview

General Information

Sample URL:	https://vetero-air-spb.ru/wp-includes/page
Analysis ID:	1675802
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	100%

Signatures

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2068,i,7477291261038422964,12150219640225577417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vetero-air-spb.ru/wp-includes/page" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 142.250.217.132:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.236.16.69:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.236.16.69:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.7:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.7:49699 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: vetero-air-spb.ru to https://pave-eg.com/pave/public/wp?ref=b701995f37
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: vetero-air-spb.ru to https://pave-eg.com/pave/public/wp?ref=2b6c42880c
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: pave-eg.com to https://additionalfeatures.digital/cap/

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.189.3
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-includes/page HTTP/1.1Host: vetero-air-spb.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/page/ HTTP/1.1Host: vetero-air-spb.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pave/public/wp?ref=b701995f37 HTTP/1.1Host: pave-eg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pave/public/wp/?ref=b701995f37 HTTP/1.1Host: pave-eg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/page/ HTTP/1.1Host: vetero-air-spb.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pave/public/wp?ref=2b6c42880c HTTP/1.1Host: pave-eg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pave/public/wp/?ref=2b6c42880c HTTP/1.1Host: pave-eg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/page/ HTTP/1.1Host: vetero-air-spb.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: vetero-air-spb.ru
Source: global traffic	DNS traffic detected: DNS query: pave-eg.com
Source: global traffic	DNS traffic detected: DNS query: additionalfeatures.digital
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443

Source: unknown	HTTPS traffic detected: 142.250.217.132:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.236.16.69:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.236.16.69:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.7:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.7:49699 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@27/0@32/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2068,i,7477291261038422964,12150219640225577417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vetero-air-spb.ru/wp-includes/page"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2068,i,7477291261038422964,12150219640225577417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://vetero-air-spb.ru/wp-includes/page	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://pave-eg.com/pave/public/wp?ref=b701995f37	0%	Avira URL Cloud	safe
https://pave-eg.com/pave/public/wp/?ref=b701995f37	0%	Avira URL Cloud	safe
http://vetero-air-spb.ru/wp-includes/page/	0%	Avira URL Cloud	safe
https://pave-eg.com/pave/public/wp/?ref=2b6c42880c	0%	Avira URL Cloud	safe
https://pave-eg.com/pave/public/wp?ref=2b6c42880c	0%	Avira URL Cloud	safe
https://vetero-air-spb.ru/wp-includes/page/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.189.14	true	false	high
pave-eg.com	104.21.80.1	true	false	unknown
www.google.com	142.250.217.132	true	false	high
vetero-air-spb.ru	87.236.16.69	true	false	unknown
additionalfeatures.digital	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pave-eg.com/pave/public/wp?ref=b701995f37	false	Avira URL Cloud: safe	unknown
https://pave-eg.com/pave/public/wp/?ref=2b6c42880c	false	Avira URL Cloud: safe	unknown
http://c.pki.goog/r/r4.crl	false		high
http://vetero-air-spb.ru/wp-includes/page/	false	Avira URL Cloud: safe	unknown
https://vetero-air-spb.ru/wp-includes/page/	false	Avira URL Cloud: safe	unknown
https://pave-eg.com/pave/public/wp/?ref=b701995f37	false	Avira URL Cloud: safe	unknown
https://pave-eg.com/pave/public/wp?ref=2b6c42880c	false	Avira URL Cloud: safe	unknown
https://vetero-air-spb.ru/wp-includes/page	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.217.132	www.google.com	United States	15169	GOOGLEUS	false
87.236.16.69	vetero-air-spb.ru	Russian Federation	198610	BEGET-ASRU	false
104.21.80.1	pave-eg.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1675802
Start date and time:	2025-04-28 03:36:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://vetero-air-spb.ru/wp-includes/page
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@27/0@32/4

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.176.14, 142.250.176.3, 142.250.68.238, 142.250.141.84, 172.217.12.142, 192.178.49.206, 199.232.210.172, 142.250.189.14, 142.250.188.238, 142.251.40.35, 142.250.69.3, 4.175.87.197, 184.29.183.29
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://vetero-air-spb.ru/wp-includes/page

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 140
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 03:37:34.416807890 CEST	49673	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:34.416975975 CEST	49675	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:34.416976929 CEST	49674	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:41.401449919 CEST	49677	443	192.168.2.7	2.18.98.62
Apr 28, 2025 03:37:41.401506901 CEST	49676	80	192.168.2.7	23.199.215.203
Apr 28, 2025 03:37:43.920357943 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:43.920394897 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:43.920622110 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:43.920622110 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:43.920655012 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:44.026949883 CEST	49673	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:44.026989937 CEST	49675	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:44.027090073 CEST	49674	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:44.234013081 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:44.234096050 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:44.235518932 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:44.235526085 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:44.235752106 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:44.276949883 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:45.652818918 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.652856112 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:45.653008938 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.653587103 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.653619051 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:45.653728008 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.654344082 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.654359102 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:45.654489994 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:45.654500961 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.295857906 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.295937061 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.297087908 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.297102928 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.297378063 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.297679901 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.299649000 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.299735069 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.300570965 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.300582886 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.301043034 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.341099977 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:46.344268084 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.997097969 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.997191906 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:46.997237921 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:47.000956059 CEST	49692	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:47.000976086 CEST	443	49692	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:47.009433031 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:47.052284956 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:47.897717953 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:47.897809982 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:47.897870064 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:47.898148060 CEST	49693	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:47.898169994 CEST	443	49693	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:48.085171938 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.085222960 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:48.085477114 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.085477114 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.085510969 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:48.400194883 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:48.400285006 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.402610064 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.402616978 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:48.402895927 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:48.403600931 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:48.444277048 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.223381042 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.223520994 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.223577976 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.227679014 CEST	49694	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.227701902 CEST	443	49694	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.231690884 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.231730938 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.231867075 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.232008934 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.232023954 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.538002968 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.538269043 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.538281918 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:49.538577080 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:49.538582087 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:50.012362003 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:50.012465000 CEST	443	49695	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:50.012530088 CEST	49695	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:50.681031942 CEST	49696	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:50.811532021 CEST	49697	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:50.997855902 CEST	80	49696	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:50.998428106 CEST	49696	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:50.998857021 CEST	49696	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.128583908 CEST	80	49697	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.128714085 CEST	49697	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.315649033 CEST	80	49696	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.315960884 CEST	80	49696	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.318984985 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.319029093 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.319205046 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.319367886 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.319380045 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.357371092 CEST	49696	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.959996939 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.960481882 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.960511923 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:51.960686922 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:51.960697889 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:52.623692989 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:52.623814106 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:52.623886108 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:52.624154091 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:52.624176025 CEST	443	49698	87.236.16.69	192.168.2.7
Apr 28, 2025 03:37:52.624191046 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:52.624221087 CEST	49698	443	192.168.2.7	87.236.16.69
Apr 28, 2025 03:37:52.626115084 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:52.626154900 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:52.626239061 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:52.626375914 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:52.626388073 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:52.961015940 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:52.961085081 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:52.961585045 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:52.961595058 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:52.961808920 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:52.962181091 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.004270077 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:53.743002892 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:53.743124008 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:53.743218899 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.743551970 CEST	49699	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.743567944 CEST	443	49699	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:53.746206999 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.746263981 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:53.746362925 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.746507883 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:53.746522903 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.053576946 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.054615021 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:54.054641008 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.054768085 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:54.054774046 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.223099947 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:54.223160028 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:54.223222971 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:54.609268904 CEST	49691	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:37:54.609297991 CEST	443	49691	142.250.217.132	192.168.2.7
Apr 28, 2025 03:37:54.893146992 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.893239975 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:54.893402100 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:54.893908978 CEST	49700	443	192.168.2.7	104.21.80.1
Apr 28, 2025 03:37:54.893923044 CEST	443	49700	104.21.80.1	192.168.2.7
Apr 28, 2025 03:37:55.393505096 CEST	49672	443	192.168.2.7	2.23.227.208
Apr 28, 2025 03:37:55.393558979 CEST	443	49672	2.23.227.208	192.168.2.7
Apr 28, 2025 03:37:56.892504930 CEST	49705	80	192.168.2.7	142.250.189.3
Apr 28, 2025 03:37:57.040499926 CEST	80	49705	142.250.189.3	192.168.2.7
Apr 28, 2025 03:37:57.040590048 CEST	49705	80	192.168.2.7	142.250.189.3
Apr 28, 2025 03:37:57.040858030 CEST	49705	80	192.168.2.7	142.250.189.3
Apr 28, 2025 03:37:57.188287020 CEST	80	49705	142.250.189.3	192.168.2.7
Apr 28, 2025 03:37:57.188756943 CEST	80	49705	142.250.189.3	192.168.2.7
Apr 28, 2025 03:37:57.229779005 CEST	49705	80	192.168.2.7	142.250.189.3
Apr 28, 2025 03:38:08.621395111 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:08.933361053 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:09.542745113 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:10.745834112 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:11.351025105 CEST	80	49697	87.236.16.69	192.168.2.7
Apr 28, 2025 03:38:11.351105928 CEST	49697	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:38:11.607480049 CEST	49697	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:38:11.923996925 CEST	80	49697	87.236.16.69	192.168.2.7
Apr 28, 2025 03:38:13.152340889 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:17.187150955 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:17.496025085 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:17.964777946 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:18.106492996 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:19.306830883 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:21.714240074 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:26.526648045 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:27.573537111 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 28, 2025 03:38:36.136138916 CEST	49678	443	192.168.2.7	20.189.173.15
Apr 28, 2025 03:38:36.323616982 CEST	49696	80	192.168.2.7	87.236.16.69
Apr 28, 2025 03:38:36.640685081 CEST	80	49696	87.236.16.69	192.168.2.7
Apr 28, 2025 03:38:43.840409994 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:43.840456963 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:43.840523958 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:43.840686083 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:43.840698957 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:44.147378922 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:44.147880077 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:44.147893906 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:54.147195101 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:54.147264004 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:54.147562027 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:54.606585979 CEST	49717	443	192.168.2.7	142.250.217.132
Apr 28, 2025 03:38:54.606610060 CEST	443	49717	142.250.217.132	192.168.2.7
Apr 28, 2025 03:38:57.511040926 CEST	49705	80	192.168.2.7	142.250.189.3
Apr 28, 2025 03:38:57.661788940 CEST	80	49705	142.250.189.3	192.168.2.7
Apr 28, 2025 03:38:57.661859989 CEST	49705	80	192.168.2.7	142.250.189.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 03:37:39.307888031 CEST	53	64324	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:39.411320925 CEST	53	62177	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:40.590429068 CEST	53	56845	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:41.909110069 CEST	53	62272	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:43.778306007 CEST	58902	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:43.778497934 CEST	60680	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:43.919086933 CEST	53	60680	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:43.919370890 CEST	53	58902	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:44.959348917 CEST	63243	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:44.959491014 CEST	59259	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:45.610446930 CEST	53	59259	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:45.651837111 CEST	53	63243	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:47.900513887 CEST	56443	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:47.900681019 CEST	58077	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:48.074981928 CEST	53	58077	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:48.084515095 CEST	53	56443	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:50.017678976 CEST	59902	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:50.017888069 CEST	53113	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:50.663357019 CEST	53	59902	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:50.680522919 CEST	53	53113	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:54.896138906 CEST	56509	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:54.896472931 CEST	50282	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:55.048372030 CEST	53	56509	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:55.054364920 CEST	53	50282	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:55.055088043 CEST	64762	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:55.215028048 CEST	53	64762	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:55.253066063 CEST	57549	53	192.168.2.7	8.8.8.8
Apr 28, 2025 03:37:55.254232883 CEST	54601	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:55.404664040 CEST	53	54601	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:55.409440041 CEST	53	57549	8.8.8.8	192.168.2.7
Apr 28, 2025 03:37:56.272346020 CEST	58076	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:56.272689104 CEST	63836	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:37:56.418724060 CEST	53	63836	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:56.427141905 CEST	53	58076	1.1.1.1	192.168.2.7
Apr 28, 2025 03:37:58.881382942 CEST	53	55955	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:01.444628000 CEST	59101	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:01.445430040 CEST	57968	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:01.599447012 CEST	53	57968	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:01.645560026 CEST	53	59101	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:01.646409988 CEST	59112	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:01.787321091 CEST	53	59112	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:07.837532043 CEST	51838	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:07.837697983 CEST	53928	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:07.984782934 CEST	53	53928	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:07.995893002 CEST	53	51838	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:07.997051954 CEST	62301	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:08.138753891 CEST	53	62301	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:08.171839952 CEST	52085	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:08.172141075 CEST	58924	53	192.168.2.7	8.8.8.8
Apr 28, 2025 03:38:08.322237968 CEST	53	52085	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:08.329726934 CEST	53	58924	8.8.8.8	192.168.2.7
Apr 28, 2025 03:38:17.654289961 CEST	53	53553	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:19.717782974 CEST	58311	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:19.717969894 CEST	63447	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:19.865575075 CEST	53	58311	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:19.881042957 CEST	53	63447	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:19.885473013 CEST	60090	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:20.043869019 CEST	53	60090	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:20.062978029 CEST	53744	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:20.063266039 CEST	53125	53	192.168.2.7	8.8.8.8
Apr 28, 2025 03:38:20.220295906 CEST	53	53125	8.8.8.8	192.168.2.7
Apr 28, 2025 03:38:20.244796038 CEST	53	53744	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:32.636961937 CEST	61306	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:32.790997982 CEST	53	61306	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:39.230293989 CEST	53	63304	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:40.496179104 CEST	53	62150	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:42.475965977 CEST	53	56637	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:50.110769987 CEST	50984	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:50.110985994 CEST	62131	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:50.263417959 CEST	53	62131	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:50.267131090 CEST	53	50984	1.1.1.1	192.168.2.7
Apr 28, 2025 03:38:50.268017054 CEST	58274	53	192.168.2.7	1.1.1.1
Apr 28, 2025 03:38:50.417656898 CEST	53	58274	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 28, 2025 03:37:43.778306007 CEST	192.168.2.7	1.1.1.1	0x84f0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:43.778497934 CEST	192.168.2.7	1.1.1.1	0x5f32	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 28, 2025 03:37:44.959348917 CEST	192.168.2.7	1.1.1.1	0x57e0	Standard query (0)	vetero-air-spb.ru	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:44.959491014 CEST	192.168.2.7	1.1.1.1	0x99f4	Standard query (0)	vetero-air-spb.ru	65	IN (0x0001)	false
Apr 28, 2025 03:37:47.900513887 CEST	192.168.2.7	1.1.1.1	0x1b14	Standard query (0)	pave-eg.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:47.900681019 CEST	192.168.2.7	1.1.1.1	0xf8ba	Standard query (0)	pave-eg.com	65	IN (0x0001)	false
Apr 28, 2025 03:37:50.017678976 CEST	192.168.2.7	1.1.1.1	0x9207	Standard query (0)	vetero-air-spb.ru	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:50.017888069 CEST	192.168.2.7	1.1.1.1	0xd966	Standard query (0)	vetero-air-spb.ru	65	IN (0x0001)	false
Apr 28, 2025 03:37:54.896138906 CEST	192.168.2.7	1.1.1.1	0x9717	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:54.896472931 CEST	192.168.2.7	1.1.1.1	0x6ebc	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:37:55.055088043 CEST	192.168.2.7	1.1.1.1	0xde04	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.253066063 CEST	192.168.2.7	8.8.8.8	0x278e	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.254232883 CEST	192.168.2.7	1.1.1.1	0xc9ed	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:56.272346020 CEST	192.168.2.7	1.1.1.1	0x7d41	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:56.272689104 CEST	192.168.2.7	1.1.1.1	0xa64d	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:38:01.444628000 CEST	192.168.2.7	1.1.1.1	0x82d1	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:01.445430040 CEST	192.168.2.7	1.1.1.1	0xe1f9	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:38:01.646409988 CEST	192.168.2.7	1.1.1.1	0xa50d	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:07.837532043 CEST	192.168.2.7	1.1.1.1	0x36db	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:07.837697983 CEST	192.168.2.7	1.1.1.1	0xd24d	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:38:07.997051954 CEST	192.168.2.7	1.1.1.1	0xafce	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:08.171839952 CEST	192.168.2.7	1.1.1.1	0x4aba	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:08.172141075 CEST	192.168.2.7	8.8.8.8	0xf6cb	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:19.717782974 CEST	192.168.2.7	1.1.1.1	0xad43	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:19.717969894 CEST	192.168.2.7	1.1.1.1	0xe58	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:38:19.885473013 CEST	192.168.2.7	1.1.1.1	0xe157	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:20.062978029 CEST	192.168.2.7	1.1.1.1	0xe352	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:20.063266039 CEST	192.168.2.7	8.8.8.8	0xcc9f	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:32.636961937 CEST	192.168.2.7	1.1.1.1	0x340c	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:50.110769987 CEST	192.168.2.7	1.1.1.1	0x7961	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:50.110985994 CEST	192.168.2.7	1.1.1.1	0x28f8	Standard query (0)	additionalfeatures.digital	65	IN (0x0001)	false
Apr 28, 2025 03:38:50.268017054 CEST	192.168.2.7	1.1.1.1	0xbdc7	Standard query (0)	additionalfeatures.digital	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 28, 2025 03:37:43.919086933 CEST	1.1.1.1	192.168.2.7	0x5f32	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 28, 2025 03:37:43.919370890 CEST	1.1.1.1	192.168.2.7	0x84f0	No error (0)	www.google.com		142.250.217.132	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:45.651837111 CEST	1.1.1.1	192.168.2.7	0x57e0	No error (0)	vetero-air-spb.ru		87.236.16.69	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.074981928 CEST	1.1.1.1	192.168.2.7	0xf8ba	No error (0)	pave-eg.com			65	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:48.084515095 CEST	1.1.1.1	192.168.2.7	0x1b14	No error (0)	pave-eg.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:50.663357019 CEST	1.1.1.1	192.168.2.7	0x9207	No error (0)	vetero-air-spb.ru		87.236.16.69	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.048372030 CEST	1.1.1.1	192.168.2.7	0x9717	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.054364920 CEST	1.1.1.1	192.168.2.7	0x6ebc	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:37:55.215028048 CEST	1.1.1.1	192.168.2.7	0xde04	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.404664040 CEST	1.1.1.1	192.168.2.7	0xc9ed	No error (0)	google.com		142.250.189.14	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:55.409440041 CEST	8.8.8.8	192.168.2.7	0x278e	No error (0)	google.com		142.250.69.14	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:37:56.418724060 CEST	1.1.1.1	192.168.2.7	0xa64d	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:37:56.427141905 CEST	1.1.1.1	192.168.2.7	0x7d41	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:01.599447012 CEST	1.1.1.1	192.168.2.7	0xe1f9	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:38:01.645560026 CEST	1.1.1.1	192.168.2.7	0x82d1	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:01.787321091 CEST	1.1.1.1	192.168.2.7	0xa50d	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:07.984782934 CEST	1.1.1.1	192.168.2.7	0xd24d	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:38:07.995893002 CEST	1.1.1.1	192.168.2.7	0x36db	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:08.138753891 CEST	1.1.1.1	192.168.2.7	0xafce	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:08.322237968 CEST	1.1.1.1	192.168.2.7	0x4aba	No error (0)	google.com		142.251.40.46	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:08.329726934 CEST	8.8.8.8	192.168.2.7	0xf6cb	No error (0)	google.com		142.250.69.14	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:19.865575075 CEST	1.1.1.1	192.168.2.7	0xad43	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:19.881042957 CEST	1.1.1.1	192.168.2.7	0xe58	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:38:20.043869019 CEST	1.1.1.1	192.168.2.7	0xe157	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:20.220295906 CEST	8.8.8.8	192.168.2.7	0xcc9f	No error (0)	google.com		142.250.69.14	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:20.244796038 CEST	1.1.1.1	192.168.2.7	0xe352	No error (0)	google.com		142.251.40.46	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:32.790997982 CEST	1.1.1.1	192.168.2.7	0x340c	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:50.263417959 CEST	1.1.1.1	192.168.2.7	0x28f8	Name error (3)	additionalfeatures.digital	none	none	65	IN (0x0001)	false
Apr 28, 2025 03:38:50.267131090 CEST	1.1.1.1	192.168.2.7	0x7961	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false
Apr 28, 2025 03:38:50.417656898 CEST	1.1.1.1	192.168.2.7	0xbdc7	Name error (3)	additionalfeatures.digital	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

vetero-air-spb.ru

pave-eg.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49696	87.236.16.69	80	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 03:37:50.998857021 CEST	449	OUT	GET /wp-includes/page/ HTTP/1.1 Host: vetero-air-spb.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Apr 28, 2025 03:37:51.315960884 CEST	431	IN	HTTP/1.1 301 Moved Permanently Server: nginx-reuseport/1.21.1 Date: Mon, 28 Apr 2025 01:37:51 GMT Content-Type: text/html Content-Length: 179 Connection: keep-alive Keep-Alive: timeout=30 Location: https://vetero-air-spb.ru/wp-includes/page/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>
Apr 28, 2025 03:38:36.323616982 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.7	49705	142.250.189.3	80

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 03:37:57.040858030 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 28, 2025 03:37:57.188756943 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 28 Apr 2025 01:17:13 GMT Expires: Mon, 28 Apr 2025 02:07:13 GMT Cache-Control: public, max-age=3000 Age: 1244 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49692	87.236.16.69	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:46 UTC	683	OUT	GET /wp-includes/page HTTP/1.1 Host: vetero-air-spb.ru Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:46 UTC	242	IN	HTTP/1.1 301 Moved Permanently Server: nginx-reuseport/1.21.1 Date: Mon, 28 Apr 2025 01:37:46 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 331 Connection: close Location: http://vetero-air-spb.ru/wp-includes/page/
2025-04-28 01:37:46 UTC	331	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 76 65 74 65 72 6f 2d 61 69 72 2d 73 70 62 2e 72 75 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 70 61 67 65 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://vetero-air-spb.ru/wp-includes/page/">here</a>.</p><hr><address>Apache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49693	87.236.16.69	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:47 UTC	684	OUT	GET /wp-includes/page/ HTTP/1.1 Host: vetero-air-spb.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:47 UTC	258	IN	HTTP/1.1 302 Found Server: nginx-reuseport/1.21.1 Date: Mon, 28 Apr 2025 01:37:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 234 Connection: close X-Powered-By: PHP/7.4.33 Location: https://pave-eg.com/pave/public/wp?ref=b701995f37
2025-04-28 01:37:47 UTC	234	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 3f 72 65 66 3d 62 37 30 31 39 39 35 66 33 37 27 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 49 66 20 79 6f 75 20 61 72 65 20 6e 6f 74 20 72 65 64 69 72 65 63 74 65 64 2c 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 3f 72 65 66 3d 62 37 30 31 39 39 35 66 33 37 27 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta http-equiv='refresh' content='0;url=https://pave-eg.com/pave/public/wp?ref=b701995f37'></head><body>If you are not redirected, <a href='https://pave-eg.com/pave/public/wp?ref=b701995f37'>click here</a>.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49694	104.21.80.1	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:48 UTC	690	OUT	GET /pave/public/wp?ref=b701995f37 HTTP/1.1 Host: pave-eg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:49 UTC	331	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 28 Apr 2025 01:37:49 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Server: cloudflare Location: https://pave-eg.com/pave/public/wp/?ref=b701995f37 Cf-Cache-Status: DYNAMIC CF-RAY: 9372d627191e522b-LAX alt-svc: h3=":443"; ma=86400
2025-04-28 01:37:49 UTC	265	IN	Data Raw: 31 30 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 2f 3f 72 65 66 3d 62 37 30 31 39 39 35 66 33 37 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: 102<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://pave-eg.com/pave/public/wp/?ref=b701995f37">here</a>.</p></body>
2025-04-28 01:37:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49695	104.21.80.1	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:49 UTC	691	OUT	GET /pave/public/wp/?ref=b701995f37 HTTP/1.1 Host: pave-eg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49698	87.236.16.69	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:51 UTC	684	OUT	GET /wp-includes/page/ HTTP/1.1 Host: vetero-air-spb.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:52 UTC	258	IN	HTTP/1.1 302 Found Server: nginx-reuseport/1.21.1 Date: Mon, 28 Apr 2025 01:37:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 234 Connection: close X-Powered-By: PHP/7.4.33 Location: https://pave-eg.com/pave/public/wp?ref=2b6c42880c
2025-04-28 01:37:52 UTC	234	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 3f 72 65 66 3d 32 62 36 63 34 32 38 38 30 63 27 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 49 66 20 79 6f 75 20 61 72 65 20 6e 6f 74 20 72 65 64 69 72 65 63 74 65 64 2c 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 3f 72 65 66 3d 32 62 36 63 34 32 38 38 30 63 27 3e 63 6c 69 63 6b 20 68 65 72 65 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta http-equiv='refresh' content='0;url=https://pave-eg.com/pave/public/wp?ref=2b6c42880c'></head><body>If you are not redirected, <a href='https://pave-eg.com/pave/public/wp?ref=2b6c42880c'>click here</a>.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49699	104.21.80.1	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:52 UTC	690	OUT	GET /pave/public/wp?ref=2b6c42880c HTTP/1.1 Host: pave-eg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:53 UTC	331	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 28 Apr 2025 01:37:53 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Server: cloudflare Location: https://pave-eg.com/pave/public/wp/?ref=2b6c42880c Cf-Cache-Status: DYNAMIC CF-RAY: 9372d643cd11f08d-DFW alt-svc: h3=":443"; ma=86400
2025-04-28 01:37:53 UTC	265	IN	Data Raw: 31 30 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 61 76 65 2d 65 67 2e 63 6f 6d 2f 70 61 76 65 2f 70 75 62 6c 69 63 2f 77 70 2f 3f 72 65 66 3d 32 62 36 63 34 32 38 38 30 63 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e Data Ascii: 102<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://pave-eg.com/pave/public/wp/?ref=2b6c42880c">here</a>.</p></body>
2025-04-28 01:37:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49700	104.21.80.1	443	5156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 01:37:54 UTC	691	OUT	GET /pave/public/wp/?ref=2b6c42880c HTTP/1.1 Host: pave-eg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-28 01:37:54 UTC	303	IN	HTTP/1.1 302 Found Date: Mon, 28 Apr 2025 01:37:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Location: https://AdditionalFeatures.digital/cap/ Cf-Cache-Status: DYNAMIC CF-RAY: 9372d64a7aa752bf-LAX alt-svc: h3=":443"; ma=86400
2025-04-28 01:37:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2640, Parent PID: 4400

Function Logs

General

Target ID:	0
Start time:	21:37:36
Start date:	27/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5156, Parent PID: 2640

Function Logs

General

Target ID:	1
Start time:	21:37:37
Start date:	27/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2068,i,7477291261038422964,12150219640225577417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6340, Parent PID: 4400

Function Logs

General

Target ID:	5
Start time:	21:37:43
Start date:	27/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vetero-air-spb.ru/wp-includes/page"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://vetero-air-spb.ru/wp-includes/page

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2640, Parent PID: 4400

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Windows Analysis Report
https://vetero-air-spb.ru/wp-includes/page