Windows Analysis Report
https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830

Overview

General Information

Sample URL:	https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830
Analysis ID:	1417071
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

Invalid T&C link found

Stores files to the Windows start menu directory

Suspicious form URL found

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

Found iframes

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv

HTML body contains low number of good links

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20

HTTP Parser: Base64 decoded: https://the-insurance-surgery.uk:443

Invalid T&C link found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Invalid link: Privacy Notice
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Invalid link: Privacy Notice

Suspicious form URL found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Form action: /p/bp/index.php
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Form action: /p/bp/index.php

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No favicon
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv	HTTP Parser: No favicon

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="author".. found
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="author".. found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="copyright".. found
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49729 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830 HTTP/1.1Host: theinsurancesurgery.exvn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20 HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://theinsurancesurgery.exvn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-3.4.1/jquery-3.4.1.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /p/common/bootstrap-4.4.1-dist/css/bootstrap.css HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-ui-1.12.1/jquery-ui.min.css HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-ui-1.12.1/jquery-ui.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/bootstrap-4.4.1-dist/js/bootstrap.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/fontawesome-free-5.12.0-web/js/all.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/logolander.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/footer.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/logolander.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/footer.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://the-insurance-surgery.uk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtvAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtvAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: theinsurancesurgery.exvn.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109008217X-BM-CBT: 1696494873X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 229C124F14F843F693B4EF574DFCAAABX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109008217X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=7A0479E0E07C4D7D91A8C7552F34E6D4&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696493908190&IPMH=7bc3b11d&IPMID=1696494873321&HV=1696494765; CortanaAppUID=0A2376201E427A029407F32A9072506A; MUID=4E6D5F19647E45969740B90CC0355D4C; _SS=SID=1F4D6C7F4B26664337657FDE4A3767CB&CPID=1696494874312&AC=1&CPH=893a1c21; _EDGE_S=SID=1F4D6C7F4B26664337657FDE4A3767CB; MUIDB=4E6D5F19647E45969740B90CC0355D4C

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:22:17 GMTServer: Apache/2.4.46 ()Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_84.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_96.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_96.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_80.2.dr, chromecache_86.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
Source: chromecache_80.2.dr, chromecache_86.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/issues/24251
Source: chromecache_80.2.dr	String found in binary or memory: https://goo.gl/pxwQGp)
Source: chromecache_79.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_80.2.dr	String found in binary or memory: https://popper.js.org
Source: chromecache_80.2.dr	String found in binary or memory: https://popper.js.org/)
Source: chromecache_79.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_94.2.dr	String found in binary or memory: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5
Source: chromecache_100.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs
Source: chromecache_90.2.dr, chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: chromecache_90.2.dr, chromecache_93.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Source: chromecache_80.2.dr	String found in binary or memory: https://www.quirksmode.org/blog/archives/2014/02/mouse_event_bub.html

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49729 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@18/53@12/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,16895947307000253171,10269158453712444937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,16895947307000253171,10269158453712444937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.133.125.6	theinsurancesurgery.exvn.com	United Kingdom	702	UUNETUS	false
142.251.16.104	unknown	United States	15169	GOOGLEUS	false
3.11.25.68	the-insurance-surgery.uk	United States	16509	AMAZON-02US	false
172.253.122.99	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.115.147	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.9

Contacted Domains

Name	IP	Active
theinsurancesurgery.exvn.com	193.133.125.6	true
www.google.com	172.253.122.99	true
the-insurance-surgery.uk	3.11.25.68	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv	false		high
https://the-insurance-surgery.uk/p/common/jquery-ui-1.12.1/jquery-ui.min.css	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/p/common/bootstrap-4.4.1-dist/js/bootstrap.js	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/p/common/bootstrap-4.4.1-dist/css/bootstrap.css	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/favicon.ico	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/p/bp/images/logolander.jpg	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api.js?render=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs	false		high
https://the-insurance-surgery.uk/p/common/jquery-3.4.1/jquery-3.4.1.min.js	false	Avira URL Cloud: safe	unknown
https://www.google.com/js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js	false		high
about:blank	false	Avira URL Cloud: safe	low
https://the-insurance-surgery.uk/p/bp/images/footer.jpg	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	false		unknown
https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830	false		high
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf	false		high
https://the-insurance-surgery.uk/p/common/jquery-ui-1.12.1/jquery-ui.min.js	false	Avira URL Cloud: safe	unknown
https://the-insurance-surgery.uk/p/common/fontawesome-free-5.12.0-web/js/all.min.js	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:22:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	182FE819906F8DCAF6660C7FA776836C	78AB421CFDBA8A0BEF564D5102AECC1F5E2144CB	D0655B9256A919BACBD3FC5E9CDCC0DFB047F94B4B284A462CC0A34A7C3476F3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:22:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	848E446A881D545118C12D79BC3023F2	61404B0E576CCDE2D44F4907036090516B1CEFDF	972858DF7F1EC53D294A803A82BF0CC132261A09C9E92FEF22D2C1D9609F31B1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	947359B1BEEA24568C74DAA00B78612B	0D81EED5BB1911031E215FFA02C5E085F8E10893	B0F3B4A1D0E659B7D5BBCEB386B46969F391BDA589934564A3C0A8DDA41CEE13
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:22:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	153FD41DAFA1C1456F0186DB08F110D5	19C9A921D2C3DB64D88E71E766C02B9E23B16F61	2E0CE902234ABA5EE2DB6802D2E60372228B98F017ED25D9EA3A54171C32294A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:22:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B5A2CAD88A45E40BCD129BD658687003	E2F6310780F594317F7466715DD69995E69DF529	15EAB20629464BBC3D48D57A5B75B603143F07792022AF7769FC4B44E9C8DA67
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:22:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E2BAE3F7A1C34A985E1639227CBABB22	1F9F52B9A9343E8C7BB0126E7A874BBE65548EE6	4AF2D3808238C540BDF89DAE61258E154F7AD1602CD0FF3032E3506FDACC784A
Chrome Cache Entry: 100	HTML document, ASCII text, with very long lines (521), with CRLF, LF line terminators	1FB2ADDA54E971C6D3F841458083DF20	16BBB02D3F58E2CDD18D5EED059130A0A70156DF	3940BA49C5B6ECF40CA2436D6A4E177A486686286923719D27371CAA9EB6872A
Chrome Cache Entry: 101	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x200, components 3	805ED9D4C5692E5A79E905F6412AC6E8	4A8E971F8CF9A468A9B0B69D532E913E960502BB	0538794F41EAF836A127731B453D19769C00853E45064BB3F0C339D892A6BDD2
Chrome Cache Entry: 102	ASCII text, with very long lines (56398), with no line terminators	EB4BC511F79F7A1573B45F5775B3A99B	D910FB51AD7316AA54F055079374574698E74B35	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
Chrome Cache Entry: 78	ASCII text, with no line terminators	8CB5CA8CFDE6E4326AD33ED0BDDA1DAB	71CF3155E8D51BF1B97A852075AE1D14D46B687F	CBD57D3D1FC618573E5419FAEE509C452A66C1C652CEF99D5BCB9EBA99250EC9
Chrome Cache Entry: 79	ASCII text, with very long lines (596)	48C590D47C8B1868CECAB334E9A34CBE	5F1A9F94294EC337F657AC2EBEC1C74E097CE5B3	F3756825DF5194A174B7A55EBD3B484C276766EEF21343D34B053B98ED386801
Chrome Cache Entry: 80	ASCII text, with very long lines (328)	702049B302BEF35BA3614119B4C82CCE	7E57C5D8200793F87521F179990A91825DD96F24	EBA7FAB904D092F1C5F23A6788B5898E7B5E11F990682FED01315EC3F9D3040F
Chrome Cache Entry: 81	ASCII text, with very long lines (17572)	0C4D3AB97EFA1A507DD8F13E313ABF93	69A2C481F8C5DB9FE2B3AD071EDC08018AD91E73	38CCDB27CEE0901E4C014932EA698307899F9641336B8AD01D424D083E214BFE
Chrome Cache Entry: 82	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 83	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 84	ASCII text, with very long lines (29137)	0B5729A931D113BE34B6FAC13BCF5B29	88BA90D2D2944315AFD28A706EE5715ED980C634	AC1C8F94750B39B12327A5D0C56FDF946DABFB6D91E5D2A202879FF9A5D67E29
Chrome Cache Entry: 85	ASCII text, with very long lines (65451)	220AFD743D9E9643852E31A135A9F3AE	88523924351BAC0B5D560FE0C5781E2556E7693D	0925E8AD7BD971391A8B1E98BE8E87A6971919EB5B60C196485941C3C1DF089A
Chrome Cache Entry: 86	ASCII text, with very long lines (629)	DF40D6E4C661BCD1790DCE6861E34CE4	8BE76CE9CFD6388DAD97D74FF292ED1DCFC0EE97	038ECEC312FF9C0374C9D8831534865FB7ED6DF4C94CA822274CEA0AE4CF0E1E
Chrome Cache Entry: 87	ASCII text, with very long lines (596)	48C590D47C8B1868CECAB334E9A34CBE	5F1A9F94294EC337F657AC2EBEC1C74E097CE5B3	F3756825DF5194A174B7A55EBD3B484C276766EEF21343D34B053B98ED386801
Chrome Cache Entry: 88	ASCII text, with very long lines (32074)	C15B1008DEC3C8967EA657A7BB4BAAEC	78489E580ADAEF931E6E5B131DAB556C397E4A1A	28CE75D953678C4942DF47A11707A15E3C756021CF89090E3E6AA7AD6B6971C3
Chrome Cache Entry: 89	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1221x150, components 3	D81DEADBDC148DF44B85CCB5A52CB31E	C856CA6DA04C9D9F8B85B73AF0381B96284DB8A5	F32A90B69D51D705EF7E5ECE82283D28F7CCEDF03A409D993AFEDFDAA06608B6
Chrome Cache Entry: 90	ASCII text, with very long lines (1256), with no line terminators	6C3791FDA70716E0AB9F1F6F4F21E512	AB96EDFFACA2194A7FF28C32537D40A60B55504E	789F92933583070184499506660DA3A14EE53C23364B295EEEF8FBE76456F3F2
Chrome Cache Entry: 91	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 92	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x200, components 3	805ED9D4C5692E5A79E905F6412AC6E8	4A8E971F8CF9A468A9B0B69D532E913E960502BB	0538794F41EAF836A127731B453D19769C00853E45064BB3F0C339D892A6BDD2
Chrome Cache Entry: 93	ASCII text, with no line terminators	9F9C09E710BF4B791F895D28BCA13B4E	E83642A8B6872CEBBACD4A3902A7C55D7E6B89BB	BFE921737A9444EA43003FCEE8F7BA1F9BFA429502ED435976605A5A87FA6A18
Chrome Cache Entry: 94	HTML document, ASCII text, with CRLF line terminators	F714FDD752B7DC3DDCC3297A67758A2D	778F6910FDEA13852A3DF7C180425F103E791043	BE17C3EB464F4CC6CEB55740265AC64F5CE694D667C6AE2253BC33E9B9102196
Chrome Cache Entry: 95	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 96	ASCII text, with very long lines (65350)	1B21D2869BE6436B7DB5422A9083C97E	4BADBA503159675023D1CC111EE7AD5B9230D733	D2FBA4F0B5E8CAB9828E9D5FD0EDF4D2AA3533BE59432847F57DC9E9DFAC7269
Chrome Cache Entry: 97	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1221x150, components 3	D81DEADBDC148DF44B85CCB5A52CB31E	C856CA6DA04C9D9F8B85B73AF0381B96284DB8A5	F32A90B69D51D705EF7E5ECE82283D28F7CCEDF03A409D993AFEDFDAA06608B6
Chrome Cache Entry: 98	HTML document, ASCII text	1875B964B2673BCAF35533D81755B68A	FB86F064409D003DB4D66CC5B66B9FF75365A8C3	6444BE3877DF0537F174DADD4F6138A7017257778773044CBD313CC1437FF8BC
Chrome Cache Entry: 99	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC

Found iframes

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv

HTML body contains low number of good links

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20

HTTP Parser: Base64 decoded: https://the-insurance-surgery.uk:443

Invalid T&C link found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Invalid link: Privacy Notice
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Invalid link: Privacy Notice

Suspicious form URL found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Form action: /p/bp/index.php
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: Form action: /p/bp/index.php

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No favicon
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv	HTTP Parser: No favicon

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="author".. found
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="author".. found

Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="copyright".. found
Source: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49729 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830 HTTP/1.1Host: theinsurancesurgery.exvn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20 HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://theinsurancesurgery.exvn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-3.4.1/jquery-3.4.1.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /p/common/bootstrap-4.4.1-dist/css/bootstrap.css HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-ui-1.12.1/jquery-ui.min.css HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/jquery-ui-1.12.1/jquery-ui.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/bootstrap-4.4.1-dist/js/bootstrap.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/common/fontawesome-free-5.12.0-web/js/all.min.js HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/logolander.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/footer.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/logolander.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/bp/images/footer.jpg HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtv HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://the-insurance-surgery.uk/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtvAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs&co=aHR0cHM6Ly90aGUtaW5zdXJhbmNlLXN1cmdlcnkudWs6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=yczljyfuaqtvAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: the-insurance-surgery.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5303117-20Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: theinsurancesurgery.exvn.com

Source: unknown

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:22:17 GMTServer: Apache/2.4.46 ()Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_84.2.dr, chromecache_88.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_84.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_96.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_96.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_80.2.dr, chromecache_86.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/angular/angular/blob/7.2.4/packages/core/src/sanitization/url_sanitizer.ts
Source: chromecache_80.2.dr, chromecache_86.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_80.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/issues/24251
Source: chromecache_80.2.dr	String found in binary or memory: https://goo.gl/pxwQGp)
Source: chromecache_79.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_80.2.dr	String found in binary or memory: https://popper.js.org
Source: chromecache_80.2.dr	String found in binary or memory: https://popper.js.org/)
Source: chromecache_79.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_94.2.dr	String found in binary or memory: https://the-insurance-surgery.uk/p/bp/index.php?utm_source=merrehill&utm_medium=email&utm_campaign=5
Source: chromecache_100.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LdIrs8UAAAAAH-Abv-CZRQ6SYJ0wA7lkyPaPbQs
Source: chromecache_90.2.dr, chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_87.2.dr, chromecache_79.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: chromecache_90.2.dr, chromecache_93.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Source: chromecache_80.2.dr	String found in binary or memory: https://www.quirksmode.org/blog/archives/2014/02/mouse_event_bub.html

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.8:49729 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@18/53@12/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,16895947307000253171,10269158453712444937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1912,i,16895947307000253171,10269158453712444937,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1417071
Product:	CloudBasic
Start time:	15:21:08
Start date:	28.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://theinsurancesurgery.exvn.com/page.cfm?article=0x520bca7226d0ccd3d332a19303c28be7.0.190830