Windows Analysis Report
https://www.firstecomplete.com

Overview

General Information

Sample URL: https://www.firstecomplete.com
Analysis ID: 1523391

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML body contains low number of good links
HTML title does not match URL

Classification

Source: https://pbs.first-quotes.com/Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP Parser: Number of links: 0
Source: https://pbs.first-quotes.com/Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP Parser: Title: E-Complete Payment Option does not match URL
Source: https://pbs.first-quotes.com/Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP Parser: No favicon
Source: https://pbs.first-quotes.com/Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP Parser: No <meta name="author".. found
Source: https://pbs.first-quotes.com/Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: www.firstecomplete.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /Secured/EcompletePaymentOption/EcompletePaymentLogin.aspx HTTP/1.1
  Host: pbs.first-quotes.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.firstecomplete.com
Source: global traffic DNS traffic detected: DNS query: pbs.first-quotes.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/html
  X-Frame-Options: SAMEORIGIN
  X-XSS-Protection: 1; mode=block
  Content-Security-Policy: default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
  Referrer-Policy: strict-origin
  Expect-CT: max-age=86400
  X-Content-Type-Options: nosniff
  Permissions-Policy: camera=(), microphone=()
  Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
  SERVER:
  Date: Tue, 01 Oct 2024 13:08:04 GMT
  Content-Length: 1245
  Strict-Transport-Security: max-age=4294967294
Source: chromecache_74.4.dr, chromecache_82.4.dr, chromecache_80.4.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_74.4.dr, chromecache_82.4.dr, chromecache_80.4.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_74.4.dr, chromecache_82.4.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_76.4.dr, chromecache_67.4.dr String found in binary or memory: https://jhildenbiddle.github.io/css-vars-ponyfill/#/?id=options
Source: chromecache_76.4.dr, chromecache_67.4.dr String found in binary or memory: https://stackoverflow.com/questions/46429937/ie11-does-a-polyfill-script-exist-for-css-variables
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: classification engine Classification label: clean1.win@17/41@12/7
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2020,i,10643037783213046967,8917316618196899812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.firstecomplete.com"
Source: Window Recorder Window detected: More than 3 window changes detected