Windows Analysis Report
https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

Overview

General Information

Sample URL:	https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53
Analysis ID:	1428975
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

Classification

Signatures

HTML body contains low number of good links

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: Number of links: 0

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: <input type="password" .../> found

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No favicon

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No <meta name="author".. found

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/Image?c=logo&b=1&r=e2713817-be94-4754-b5ad-76b46e361350 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/TipClose.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/BangBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/CheckBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/fonts/sourcesanspro-regular.ttf.woff HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securemail.americanfidelity.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/TipClose.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/Image?c=logo&b=1&r=e2713817-be94-4754-b5ad-76b46e361350 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/BangBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/CheckBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BID=a8d08c53

Source: unknown

DNS traffic detected: queries for: securemail.americanfidelity.com

Source: chromecache_61.2.dr	String found in binary or memory: http://adomas.org/javascript-mouse-wheel/
Source: chromecache_56.2.dr	String found in binary or memory: http://api.jqueryui.com/category/theming/
Source: chromecache_61.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: chromecache_61.2.dr	String found in binary or memory: http://brandonaaron.net)
Source: chromecache_56.2.dr, chromecache_61.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_61.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_61.2.dr	String found in binary or memory: http://trentrichardson.com/examples/timepicker
Source: chromecache_61.2.dr	String found in binary or memory: http://www.jacklmoore.com/autosize
Source: chromecache_61.2.dr	String found in binary or memory: http://www.mathias-bank.de)
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/furf/jquery-ui-touch-punch
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/gabceb
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/gabceb/jquery-browser-plugin
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/jquery/jquery-color
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/markrian/jquery-ui-touch-punch-improved

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/35@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1808,i,14689090978445171485,9497484238387250601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1808,i,14689090978445171485,9497484238387250601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
67.231.149.122	pe-0018f201.gslb.pphosted.com	United States	26211	PROOFPOINT-ASN-US-WESTUS	false
74.125.138.104	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
173.194.219.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.4

Contacted Domains

Name	IP	Active
www.google.com	173.194.219.104	true
pe-0018f201.gslb.pphosted.com	67.231.149.122	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
windowsupdatebg.s.llnwi.net	69.164.42.0	true
securemail.americanfidelity.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://securemail.americanfidelity.com/securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17	false	high
https://securemail.americanfidelity.com/formpostdir/fonts/sourcesanspro-regular.ttf.woff	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17	false	high
https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53	false	high
https://securemail.americanfidelity.com/formpostdir/images/CheckBullet.gif	false	high
https://securemail.americanfidelity.com/formpostdir/images/TipClose.gif	false	high
https://securemail.americanfidelity.com/favicon.ico	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17	false	high
https://securemail.americanfidelity.com/formpostdir/images/BangBullet.gif	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo	false	high
https://securemail.americanfidelity.com/formpostdir/Image?c=logo&b=1&r=e2713817-be94-4754-b5ad-76b46e361350	false	high
https://securemail.americanfidelity.com/securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17	false	high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 54	GIF image data, version 89a, 8 x 8	4C69EEE876E3130B6951BA08FD6EB67C	884FD33D52C7EA30F04E8732A364A22DDB760F7D	CB61290F2FAD07BA1668C99FFF76B88C2910924860B2FD71547BAA3A4451B62F
Chrome Cache Entry: 55	ASCII text, with very long lines (18546)	1EC2E61D03A4C0EF91BE8E321D07C5D8	31034A0F1087C879BB12D3E16D85D341783E3249	A73D718DED1E36A2B0330EE5C0B5806AE9DA6306C406149EF0D4D7D0DB1670BA
Chrome Cache Entry: 56	ASCII text, with very long lines (15488)	CA00B2BD616FFC3C6041350A592C7426	EA082A42F3BB7A907B5A05E1E5EA5F6B967E3EFE	19846DEA837AA2A28869F608DB27827473E96713C9DE87ED94906AF0A928DDC2
Chrome Cache Entry: 57	HTML document, ASCII text, with very long lines (44333), with no line terminators	3E4F4050044D88C1DD0ED50742A7785D	188C5A4A665650BEFA953ACF5FEC87A8969BE5CA	E905FFB004E884DECC0118B5596596FE6FB88FEFDE62113402F3F8E1AC3BBA8A
Chrome Cache Entry: 58	ASCII text, with very long lines (25115), with no line terminators	6C9193EACA3F3316140C7A96D8E2EDEA	853589DF20768E14568C2A37177F440DDADB95D4	4E4A1EDD64E32C55BB71E49FDDAF41EE58AAD04BDC1570A93A89645CB3C09895
Chrome Cache Entry: 59	GIF image data, version 89a, 187 x 42	3CA3F016E03015A849316751F7C87186	EF64CFC852462E46079820C238D303B44D753DCB	7D7F289A00B24A4CCC2F4067EF7B5A664BE4390CFAC1945521691035F77A2F5D
Chrome Cache Entry: 60	ASCII text, with very long lines (2266), with no line terminators	3EC16AA44D720657743FB21B8843A42A	63585295ACACCEFA397927146CDF66DD4E61B2D1	AA45349925767E946B92475663269F3388B684612CAF430E23E5080C60D617DF
Chrome Cache Entry: 61	ASCII text, with very long lines (19425)	540804DAC5A11DF20E7119A35D01E2F8	6D1AB351BC7568ACB90E29C6ABDF4570A907A431	52D03B5EA1D204F7E6917075ECBB1C562F2FBE9029FE95C4BD25A70EDDDE2728
Chrome Cache Entry: 62	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	A05A05DCD6158CC4F8701173734F484A	FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245	CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
Chrome Cache Entry: 63	GIF image data, version 89a, 8 x 8	0099E0458F743BD64142F6BC36E00E0D	90C3E270B87CE28789925391972647697AE458D9	3A085E20C4C690FCAB707C3492923DA12EF0D9911EACA70C7978C5595B1E546B
Chrome Cache Entry: 64	ASCII text, with very long lines (65451)	12108007906290015100837A6A61E9F4	1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3	C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
Chrome Cache Entry: 65	GIF image data, version 89a, 8 x 8	0099E0458F743BD64142F6BC36E00E0D	90C3E270B87CE28789925391972647697AE458D9	3A085E20C4C690FCAB707C3492923DA12EF0D9911EACA70C7978C5595B1E546B
Chrome Cache Entry: 66	GIF image data, version 89a, 8 x 8	08563EA7B7B4F4488302CC85B21E4992	38C7C24638EE35C10A544F0401FB1270C0CD6D3A	749F13D9A507A80A7ACC85A5AD8C4CEE027BB31EBEA982D259A9256802009922
Chrome Cache Entry: 67	Web Open Font Format, TrueType, length 128612, version 2.10	03ADBB294261977089607CDEA10B520C	4DD8B4AD179F3F9B64EC980418F2C9D354A9983D	D79149C9559597EFFB066E4ED38C2C4B429C88D0420725C296D52C40363EAF68
Chrome Cache Entry: 68	GIF image data, version 89a, 8 x 8	4C69EEE876E3130B6951BA08FD6EB67C	884FD33D52C7EA30F04E8732A364A22DDB760F7D	CB61290F2FAD07BA1668C99FFF76B88C2910924860B2FD71547BAA3A4451B62F
Chrome Cache Entry: 69	ASCII text, with very long lines (13183)	5B3C7AC6A53B9D9BDB7A1C7B27EE036F	E4116A2AF7920957C0B26FE3B8B6212BFCA3B876	60A0E7BCF2F261816807201BB2A09522F62C399293CDF4B0B6443A42F6228C8B
Chrome Cache Entry: 70	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	A05A05DCD6158CC4F8701173734F484A	FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245	CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
Chrome Cache Entry: 71	GIF image data, version 89a, 187 x 42	3CA3F016E03015A849316751F7C87186	EF64CFC852462E46079820C238D303B44D753DCB	7D7F289A00B24A4CCC2F4067EF7B5A664BE4390CFAC1945521691035F77A2F5D
Chrome Cache Entry: 72	ASCII text, with no line terminators	A9F6ACA0DDD1A608B57C970276E02751	535FAA65173E45086F2517F621EDA5C77DA20C41	418D08E8945073DF1D6FE5E214E00F24057E4ADD220E3C0146C3FAB28D8F0B24
Chrome Cache Entry: 73	GIF image data, version 89a, 8 x 8	08563EA7B7B4F4488302CC85B21E4992	38C7C24638EE35C10A544F0401FB1270C0CD6D3A	749F13D9A507A80A7ACC85A5AD8C4CEE027BB31EBEA982D259A9256802009922

HTML body contains low number of good links

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: Number of links: 0

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: <input type="password" .../> found

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No favicon

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No <meta name="author".. found

Source: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/Image?c=logo&b=1&r=e2713817-be94-4754-b5ad-76b46e361350 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/TipClose.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/BangBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/CheckBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/fonts/sourcesanspro-regular.ttf.woff HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://securemail.americanfidelity.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/TipClose.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/Image?c=logo&b=1&r=e2713817-be94-4754-b5ad-76b46e361350 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/BangBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /formpostdir/images/CheckBullet.gif HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=86058F5DE4B707B6D0B47D097F69BF61; BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BID=a8d08c53
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: BID=a8d08c53

Source: unknown

DNS traffic detected: queries for: securemail.americanfidelity.com

Source: chromecache_61.2.dr	String found in binary or memory: http://adomas.org/javascript-mouse-wheel/
Source: chromecache_56.2.dr	String found in binary or memory: http://api.jqueryui.com/category/theming/
Source: chromecache_61.2.dr	String found in binary or memory: http://api.jqueryui.com/position/
Source: chromecache_61.2.dr	String found in binary or memory: http://brandonaaron.net)
Source: chromecache_56.2.dr, chromecache_61.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_61.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_61.2.dr	String found in binary or memory: http://trentrichardson.com/examples/timepicker
Source: chromecache_61.2.dr	String found in binary or memory: http://www.jacklmoore.com/autosize
Source: chromecache_61.2.dr	String found in binary or memory: http://www.mathias-bank.de)
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/furf/jquery-ui-touch-punch
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/gabceb
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/gabceb/jquery-browser-plugin
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/jquery/jquery-color
Source: chromecache_61.2.dr	String found in binary or memory: https://github.com/markrian/jquery-ui-touch-punch-improved

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49762 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/35@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1808,i,14689090978445171485,9497484238387250601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1808,i,14689090978445171485,9497484238387250601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1428975
Product:	CloudBasic
Start time:	00:05:34
Start date:	20.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://securemail.americanfidelity.com/formpostdir/securereader?id=u-uE4fLt9U7W_l_z61W7cNnMr9xa6Noz&brand=a8d08c53