Windows Analysis Report https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io

Overview

General Information

Sample URL: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io
Analysis ID: 502281
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Phishing site detected (based on logo template match)
URL contains potential PII (phishing indication)
HTML body contains low number of good links
No HTML title found

Classification

Phishing:

barindex
Yara detected HtmlPhish10
Source: Yara match File source: 93495.1.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED
Phishing site detected (based on logo template match)
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook Matcher: Template: unicredit matched
URL contains potential PII (phishing indication)
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io Sample URL: PII: andy@candies-twentytwo.io
HTML body contains low number of good links
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: Number of links: 1
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: Number of links: 1
No HTML title found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: HTML title missing
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: HTML title missing
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: No <meta name="author".. found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: No <meta name="author".. found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: No <meta name="copyright".. found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 67.227.248.137:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: clientconfig.passport.net
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/?email=andy@candies-twentytwo.io HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/api.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/config.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/framework.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/framework.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/manifest.json HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-32x32.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: insurance.insuretym.com
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-16x16.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-96x96.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/config.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/style.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/pikaday.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/framework.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/icons/icons.svg HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /office365.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/background.svg HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/fonts/Roboto-Medium.woff2 HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveOrigin: https://insurance.insuretym.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2 HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveOrigin: https://insurance.insuretym.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=a9a88841c8ace1d77f8ef4a0c3414822
Source: global traffic HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/favicon/manifest.json HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:14 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:15 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:16 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:16 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:12:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: angular.js.0.dr String found in binary or memory: http://angularjs.org
Source: data_3.1.dr String found in binary or memory: http://candies-twentytwo.io/favicon.ico
Source: data_2.1.dr String found in binary or memory: http://dbushell.com/
Source: angular.js.0.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, manifest.json0.0.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://ajax.googleapis.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://ajax.googleapis.com/
Source: data_1.1.dr, 5dc4e4e594caf8e4_0.0.dr, data_3.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Source: data_1.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.jsvar
Source: data_2.1.dr String found in binary or memory: https://api.w.org/
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, manifest.json0.0.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/android-chrome-192x192.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-114x114.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-120x120.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-144x144.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-152x152.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-180x180.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-57x57.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-60x60.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-72x72.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-76x76.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/favicon-32x32.png
Source: data_3.1.dr String found in binary or memory: https://candies-twentytwo.io/images/favicon/favicon-96x96.png
Source: mirroring_common.js.0.dr String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients6.google.com
Source: 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.1.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCRV0lK_FUffSEgk
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: data_3.1.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a2d20088-966f-4854-bb7f-fccd8a615bd4.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr, 0c6c11d4-dd66-426c-bb49-4aa2b819fff2.tmp.1.dr String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr String found in binary or memory: https://docs.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: Current Session.0.dr String found in binary or memory: https://insurance.insuretym.com
Source: Network Action Predictor.0.dr String found in binary or memory: https://insurance.insuretym.com/
Source: History.0.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-16x16.png
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-32x32.png
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-96x96.png
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/manifest.json
Source: Current Session.0.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/
Source: History.0.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=FgjdptDJGZoUaM7YHx41X8&
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/api.css
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/pikaday.css
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.css
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.css%
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Medium.woff2
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2ChIKBw3n
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/background.svg
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/favicon/manifest.json
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/favicon/manifest.jsonD
Source: data_1.1.dr, 8f75485cfa400fd0_0.0.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/bundle.min.js
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/bundle.min.js8
Source: data_1.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/config.js
Source: data_1.1.dr, eaf07a6405f89499_0.0.dr String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/framework.min.js
Source: data_2.1.dr String found in binary or memory: https://insurance.insuretym.com/wp-json/
Source: 8f75485cfa400fd0_0.0.dr String found in binary or memory: https://insuretym.com/
Source: data_3.1.dr String found in binary or memory: https://logo.clearbit.com/office365.com
Source: data_1.1.dr String found in binary or memory: https://logo.clearbit.com/office365.com?
Source: mirroring_common.js.0.dr String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json106.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json106.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: Current Session.0.dr String found in binary or memory: https://www.candies-twentytwo.io/
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, manifest.json0.0.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 544892d2-36a4-4312-ac0c-04c6d912b729.tmp.1.dr, a226f832-3cc3-4dcd-9bbb-44b349591bdf.tmp.1.dr, 4d3d671e-5f60-40db-bf20-d8c9b1efc9da.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: unknown HTTPS traffic detected: 67.227.248.137:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\d8597684-ff92-4815-b1ab-e3f0a7de006e.tmp Jump to behavior
Source: classification engine Classification label: mal52.phis.win@30/222@14/9
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15913376204894206676,13153788505041309777,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15913376204894206676,13153788505041309777,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61671369-1390.pma Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs