Windows Analysis Report
https://idp.accreditor.com:8443/realms/ACEP/protocol/openid-connect/auth?client_id=survey_spa&redirect_uri=https%3A%2F%2Facep.accreditor.com%2Flogin%2Fcallback&state=bed2bb9f-0f49-4e40-b2dc-a9bd88fa3533&response_mode=fragment&response_type=code&scope=openid&nonce=6d8857dc-4652-434f-938f-d5340af9b3da

Overview

General Information

Sample URL: https://idp.accreditor.com:8443/realms/ACEP/protocol/openid-connect/auth?client_id=survey_spa&redirect_uri=https%3A%2F%2Facep.accreditor.com%2Flogin%2Fcallback&state=bed2bb9f-0f49-4e40-b2dc-a9bd88fa35
Analysis ID: 1624483

Detection

Score: 3
Range: 0 - 100
Confidence: 80%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.
Source: https://signin.acep.org/idp/Account/Login?ReturnUrl=%2fidp%2fSAML%2fSSOService&sp=https://idp.accreditor.com:8443/realms/ACEP HTTP Parser: Please send an e-mail message to <a href='mailto:membership@acep.org'>membership@acep.org</a>. You may also call 800-798-1822, ext. 5 for Member Care Center.
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: Form action: https://signin.acep.org/idp/SAML/SSOService accreditor acep
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: Number of links: 0
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: Base64 decoded: {"ru":"https://acep.accreditor.com/login/callback","rt":"code","rm":"fragment","st":"bed2bb9f-0f49-4e40-b2dc-a9bd88fa3533"}
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: Title: Sign in to ACEP does not match URL
Source: https://signin.acep.org/idp/Account/Login?ReturnUrl=%2fidp%2fSAML%2fSSOService&sp=https://idp.accreditor.com:8443/realms/ACEP HTTP Parser: <input type="password" .../> found
Source: https://signin.acep.org/idp/Account/Login?ReturnUrl=%2fidp%2fSAML%2fSSOService&sp=https://idp.accreditor.com:8443/realms/ACEP HTTP Parser: No favicon
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: No <meta name="author".. found
Source: https://signin.acep.org/idp/Account/Login?ReturnUrl=%2fidp%2fSAML%2fSSOService&sp=https://idp.accreditor.com:8443/realms/ACEP HTTP Parser: No <meta name="author".. found
Source: https://idp.accreditor.com:8443/realms/ACEP/broker/ACEP/login?session_code=t-28va_hgtXawpLA1MIwY_koblECmRrRIgsppjZhbQs&client_id=survey_spa&tab_id=1R2-RyxCrK4&client_data=eyJydSI6Imh0dHBzOi8vYWNlcC5hY2NyZWRpdG9yLmNvbS9sb2dpbi9jYWxsYmFjayIsInJ0IjoiY29kZSIsInJtIjoiZnJhZ21lbnQiLCJzdCI6ImJlZDJiYjlmLTBmNDktNGU0MC1iMmRjLWE5YmQ4OGZhMzUzMyJ9 HTTP Parser: No <meta name="copyright".. found
Source: https://signin.acep.org/idp/Account/Login?ReturnUrl=%2fidp%2fSAML%2fSSOService&sp=https://idp.accreditor.com:8443/realms/ACEP HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49747 version: TLS 1.0
Source: chrome.exe Memory has grown: Private usage: 0MB later: 33MB
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: idp.accreditor.com
Source: global traffic DNS traffic detected: DNS query: _8443._https.idp.accreditor.com
Source: global traffic DNS traffic detected: DNS query: cacerts.rapidssl.com
Source: global traffic DNS traffic detected: DNS query: signin.acep.org
Source: global traffic DNS traffic detected: DNS query: webapps.acep.org
Source: unknown HTTP traffic detected: POST /idp/SAML/SSOService HTTP/1.1Host: signin.acep.orgConnection: keep-aliveContent-Length: 1090Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlDate: Wed, 26 Feb 2025 09:04:43 GMTServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETContent-Length: 1245Connection: Close
Source: classification engine Classification label: clean3.win@17/69@16/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1996,i,6191952465394955606,14156056351467018374,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://idp.accreditor.com:8443/realms/ACEP/protocol/openid-connect/auth?client_id=survey_spa&redirect_uri=https%3A%2F%2Facep.accreditor.com%2Flogin%2Fcallback&state=bed2bb9f-0f49-4e40-b2dc-a9bd88fa3533&response_mode=fragment&response_type=code&scope=openid&nonce=6d8857dc-4652-434f-938f-d5340af9b3da&kc_idp_hint=ACEP"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk