Analysis Report https://ziadieinsurance.eb-sites.com/5518707892682752

Overview

General Information

Sample URL: https://ziadieinsurance.eb-sites.com/5518707892682752
Analysis ID: 404234

Detection

HTMLPhisher
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Yara detected HtmlPhish7
Phishing site detected (based on logo template match)
Found iframes
HTML body contains low number of good links
HTML title does not match URL

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://ziadieinsurance.eb-sites.com/5518707892682752 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://fitnessfortravel.top/spider/xx/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://fitnessfortravel.top/spider/xx/ Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match File source: 585948.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, type: DROPPED
Yara detected HtmlPhish7
Source: Yara match File source: 585948.0.links.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://fitnessfortravel.top/spider/xx/ Matcher: Template: onedrive matched
Found iframes
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: https://www.ziadieinsurance.com/ HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
HTML body contains low number of good links
Source: https://www.ziadieinsurance.com/ HTTP Parser: Number of links: 1
Source: https://fitnessfortravel.top/spider/xx/ HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://fitnessfortravel.top/spider/xx/ HTTP Parser: Title: OneDrive | Login does not match URL
Source: https://www.ziadieinsurance.com/ HTTP Parser: No <meta name="author".. found
Source: https://fitnessfortravel.top/spider/xx/ HTTP Parser: No <meta name="author".. found
Source: https://www.ziadieinsurance.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://fitnessfortravel.top/spider/xx/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: global traffic HTTP traffic detected:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.ziadieinsurance.com
Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: ziadieinsurance.eb-sites.com
Source: AZJRJN0J.htm.2.dr String found in binary or memory: http://browsehappy.com/
Source: fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: slick[1].js.2.dr String found in binary or memory: http://github.com/kenwheeler/slick
Source: slick[1].js.2.dr String found in binary or memory: http://github.com/kenwheeler/slick/issues
Source: xx[1].htm0.2.dr String found in binary or memory: http://gmail.com/
Source: hover[1].css.2.dr String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: slick[1].js.2.dr String found in binary or memory: http://kenwheeler.github.io
Source: slick[1].js.2.dr String found in binary or memory: http://kenwheeler.github.io/slick
Source: popper.min[1].js.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: drag-a79a51ae7c41df2c005cf922050e5260f58d79815ecefda6cc6b9f766577ae29[1].svg.2.dr String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: AZJRJN0J.htm.2.dr String found in binary or memory: http://www.google.com/chromeframe/?redirect=true
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: http://www.ziadieinsurance.com/
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/4ALeRBgPdiqBWaQKnSYigUHS
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/6eeMuS9eNcBramrNByc8JY9s
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/9r6aMqZHBbSxF6mYyBXbTmK4
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/9rMCoz65GNhVQjiFtFZB7x5x
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/DXnh2gQGUzsBKDcjrSfahMBG
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/J6HCMGSsUygUJQvcFZ2XfDaG
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/PGVP3NWeAPUabnTrTA1PQpn6
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/f3GY34unAFcsvxZqAfapGaRU
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/jxSxTBQt9wpC9Z1kmUx4U8F5
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/oQcerTs5SqZdSUU7TJZ9S8oy
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://agentmethods.c
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://agentmethods.com/
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://agentmethods.com/e.com/r/xx/8707892682752
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://agentmethods.com/e.com/r/xx/8707892682752T
Source: xx[1].htm0.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: leadgrabbers[1].json.2.dr String found in binary or memory: https://app.engagebay.com/rest/api/signup/signup-user
Source: leadgrabbers[1].json.2.dr String found in binary or memory: https://app.engagebay.com/signup
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://cdn2.eb-pages.com/uploads/5356667366539264/pdf.png
Source: xx[1].htm0.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick-theme.min.css
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js
Source: xx[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: AZJRJN0J.htm.2.dr, xx[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: xx[1].htm0.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: leadgrabbers[1].json.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/avatar/avatar-new.png
Source: imagestore.dat.2.dr, 5518707892682752[1].htm.2.dr, ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico
Source: imagestore.dat.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico5:
Source: imagestore.dat.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico~
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/bootstrap.min.css
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/commons.css
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/iframe.js?86-2.4349062990782067
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page-actions.js?=86-2.434906299
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page.css
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/prod/assets/lib/font-family/roboto.css
Source: ehform[1].js.2.dr String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/jsapi
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://fitnessfortrave.eb-sites.com/5518707892682752
Source: 5518707892682752[1].htm.2.dr String found in binary or memory: https://fitnessfortravel.top/spider/xx
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://fitnessfortravel.top/spider/xx/
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://fitnessfortravel.top/spider/xx/8707892682752
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://fitnessfortravel.top/spider/xx/8707892682752p
Source: free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: 9rMCoz65GNhVQjiFtFZB7x5x[1].css.2.dr String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:ital
Source: xx[1].htm0.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: roboto[1].css.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: css[1].css0.2.dr String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrIzQ.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ABc-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBBc-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjARc-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBhc-.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgWxM.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu52xM.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5vAA.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlvAA.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtvAA.woff)
Source: css2[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff)
Source: css[1].css.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: bootstrap.min[2].js.2.dr, bootstrap.min[1].css0.2.dr String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr, bootstrap.bundle.min[1].js.2.dr, bootstrap.min[1].css1.2.dr, application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: hover[1].css.2.dr String found in binary or memory: https://github.com/IanLunn/Hover
Source: v215[1].js.2.dr String found in binary or memory: https://github.com/faisalman/ua-parser-js
Source: bootstrap.bundle.min[1].js.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr, bootstrap.bundle.min[1].js.2.dr, application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://images.unsplash.com/photo-1509023464722-18d996393ca8?ixlib=rb-1.2.1&amp;ixid=eyJhcHBfaWQiOjE
Source: 585b051251[1].js.2.dr String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr String found in binary or memory: https://kit.fontawesome.com
Source: xx[1].htm0.2.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: xx[1].htm0.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: xx[1].htm0.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: bugsnag.min[1].js.2.dr String found in binary or memory: https://notify.bugsnag.com
Source: bugsnag.min[1].js.2.dr String found in binary or memory: https://sessions.bugsnag.com
Source: xx[1].htm0.2.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: AZJRJN0J.htm.2.dr, 5518707892682752[1].htm.2.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.engagebay.
Source: 5518707892682752[1].htm.2.dr, ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lps
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lps2682752
Source: ~DFE213617724B763D4.TMP.1.dr String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lpsT
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&amp;license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=H
Source: AZJRJN0J.htm.2.dr, {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: AZJRJN0J.htm.2.dr String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&amp;license_no=
Source: classification engine Classification label: mal84.phis.win@3/128@17/12
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2E2545E7-AD52-11EB-90E5-ECF4BB2D2496}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF7320F14610119AE5.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3084 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
[Behavior graph, ID 404234. URL: https://ziadieinsurance.eb-... Start date: 04/05/2021. Architecture: WINDOWS. Score: 84. iexplore.exe starts a child iexplore.exe, which contacts fitnessfortravel.top (31.210.20.74, port 443), ghs.googlehosted.com (142.250.184.243, port 443) and 20 other IPs or domains, and drops the HTML file C:\Users\user\AppData\Local\...\xx[1].htm.]

Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
100.25.4.145 | fox.agentmethods-0820.c66.me | United States | 14618 | AMAZON-AESUS | false
52.217.89.76 | s3-1-w.amazonaws.com | United States | 16509 | AMAZON-02US | false
208.90.88.30 | www.quotit.net | United States | 22221 | GMACI-COMMUS | false
13.35.253.54 | d2p078bqz5urf7.cloudfront.net | United States | 16509 | AMAZON-02US | false
143.110.228.35 | ziadieinsurance.eb-sites.com | United States | 30376 | COLLEGE-OF-ST-SCHOLASTICAUS | false
35.190.88.7 | sessions.bugsnag.com | United States | 15169 | GOOGLEUS | false
104.18.11.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
31.210.20.74 | fitnessfortravel.top | Netherlands | 61157 | PLUSSERVER-ASN1DE | false
142.250.184.243 | ghs.googlehosted.com | United States | 15169 | GOOGLEUS | false
13.32.23.123 | d2wy8f7a9ursnm.cloudfront.net | United States | 7018 | ATT-INTERNET4US | false
104.16.19.94 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
13.32.21.90 | d3w29h23ietttc.cloudfront.net | United States | 7018 | ATT-INTERNET4US | false

Contacted Domains

Name IP Active
ziadieinsurance.eb-sites.com 143.110.228.35 true
stackpath.bootstrapcdn.com 104.18.11.207 true
www.quotit.net 208.90.88.30 true
sessions.bugsnag.com 35.190.88.7 true
maxcdn.bootstrapcdn.com 104.18.11.207 true
s3-1-w.amazonaws.com 52.217.89.76 true
cdnjs.cloudflare.com 104.16.19.94 true
d3w29h23ietttc.cloudfront.net 13.32.21.90 true
d2wy8f7a9ursnm.cloudfront.net 13.32.23.123 true
d2p078bqz5urf7.cloudfront.net 13.35.253.54 true
fox.agentmethods-0820.c66.me 100.25.4.145 true
fitnessfortravel.top 31.210.20.74 true
ghs.googlehosted.com 142.250.184.243 true
ka-f.fontawesome.com unknown unknown
kit.fontawesome.com unknown unknown
favicon.ico unknown unknown
app.engagebay.com unknown unknown
cdn2.eb-pages.com unknown unknown
code.jquery.com unknown unknown
agentmethods-production.s3.amazonaws.com unknown unknown
www.ziadieinsurance.com unknown unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://www.engagebay.com/?utm_source=eb-lps | true | - | unknown
https://agentmethods.com/ | true | - | unknown
http://www.ziadieinsurance.com/ | false | Avira URL Cloud: safe | unknown
https://ziadieinsurance.eb-sites.com/5518707892682752 | true | - | unknown
https://www.ziadieinsurance.com/ | true | - | unknown
https://fitnessfortravel.top/spider/xx/ | true | SlashNext: Fake Login Page type: Phishing & Social usering | unknown