hxxps://denotificationservices[.]bbcportal[.]com/Entry

Analysis

max time kernel
129s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 18:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://denotificationservices.bbcportal.com/Entry

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445463997585143"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
264	chrome.exe
264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3232	3320	chrome.exe	21
PID 3320 wrote to memory of 3232	3320	chrome.exe	21
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2480	3320	chrome.exe	89
PID 3320 wrote to memory of 2860	3320	chrome.exe	91
PID 3320 wrote to memory of 2860	3320	chrome.exe	91
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90
PID 3320 wrote to memory of 4688	3320	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://denotificationservices.bbcportal.com/Entry
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef3409758,0x7ffef3409768,0x7ffef3409778
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4772

Network

DNS

denotificationservices.bbcportal.com

chrome.exe

Remote address:

8.8.8.8:53

Request

denotificationservices.bbcportal.com

IN A

Response

denotificationservices.bbcportal.com

IN CNAME

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

IN A

54.191.69.23

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

IN A

54.244.115.141
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

23.69.191.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.69.191.54.in-addr.arpa

IN PTR

Response

23.69.191.54.in-addr.arpa

IN PTR

ec2-54-191-69-23 us-west-2compute amazonawscom
DNS

denotificationservices.portal.finalsiteconnect.com

chrome.exe

Remote address:

8.8.8.8:53

Request

denotificationservices.portal.finalsiteconnect.com

IN A

Response

denotificationservices.portal.finalsiteconnect.com

IN CNAME

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

IN A

54.191.69.23

prod-alb-external-1034143959.us-west-2.elb.amazonaws.com

IN A

54.244.115.141
DNS

249.194.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.194.19.2.in-addr.arpa

IN PTR

Response

249.194.19.2.in-addr.arpa

IN PTR

a2-19-194-249deploystaticakamaitechnologiescom
DNS

198.52.96.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.52.96.20.in-addr.arpa

IN PTR

Response
DNS

103.94.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.94.239.18.in-addr.arpa

IN PTR

Response

103.94.239.18.in-addr.arpa

IN PTR

server-18-239-94-103ams1r cloudfrontnet
DNS

serverapi.arcgisonline.com

chrome.exe

Remote address:

8.8.8.8:53

Request

serverapi.arcgisonline.com

IN A

Response

serverapi.arcgisonline.com

IN CNAME

serverapivpc-431199233.us-east-1.elb.amazonaws.com

serverapivpc-431199233.us-east-1.elb.amazonaws.com

IN A

52.21.75.95

serverapivpc-431199233.us-east-1.elb.amazonaws.com

IN A

52.86.130.216
DNS

198.1.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.1.85.104.in-addr.arpa

IN PTR

Response

198.1.85.104.in-addr.arpa

IN PTR

a104-85-1-198deploystaticakamaitechnologiescom
DNS

95.75.21.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.75.21.52.in-addr.arpa

IN PTR

Response

95.75.21.52.in-addr.arpa

IN PTR

ec2-52-21-75-95 compute-1 amazonawscom
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.168.202

content-autofill.googleapis.com

IN A

172.217.23.202

content-autofill.googleapis.com

IN A

216.58.208.106

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

142.250.179.138
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto

chrome.exe

Remote address:

142.251.36.42:443

Request

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CNDiygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

js-agent.newrelic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

js-agent.newrelic.com

IN A

Response

js-agent.newrelic.com

IN CNAME

k.sni.global.fastly.net

k.sni.global.fastly.net

IN A

151.101.2.137

k.sni.global.fastly.net

IN A

151.101.66.137

k.sni.global.fastly.net

IN A

151.101.130.137

k.sni.global.fastly.net

IN A

151.101.194.137
GET

https://js-agent.newrelic.com/nr-spa-1216.min.js

chrome.exe

Remote address:

151.101.2.137:443

Request

GET /nr-spa-1216.min.js HTTP/2.0
host: js-agent.newrelic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://denotificationservices.portal.finalsiteconnect.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: FUigxCcWBswZn8ipZsVP9GVNNEjjAcBAHssxrglC+D9cDuP7zT37S1fi1bt1p8maZuv9Qc5uul0=
x-amz-request-id: EQ1MZYFK7SE50Z86
last-modified: Wed, 18 Oct 2023 21:31:16 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
x-amz-version-id: MElzWumrf8lREc3kORDlSWHVtEZAK4m8
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
content-encoding: br
accept-ranges: bytes
date: Wed, 15 Nov 2023 18:26:39 GMT
via: 1.1 varnish
x-served-by: cache-ams21072-AMS
x-cache: HIT
x-cache-hits: 389193
x-timer: S1700072799.298075,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=300
content-length: 19141
DNS

bam.nr-data.net

chrome.exe

Remote address:

8.8.8.8:53

Request

bam.nr-data.net

IN A

Response

bam.nr-data.net

IN CNAME

bam.cell.nr-data.net

bam.cell.nr-data.net

IN CNAME

bam.nr-data.net.cdn.cloudflare.net

bam.nr-data.net.cdn.cloudflare.net

IN A

162.247.241.14
GET

https://bam.nr-data.net/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken

chrome.exe

Remote address:

162.247.241.14:443

Request

GET /1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:26:39 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 82698b3498631c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=9c3465ea0195e76f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
POST

https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

chrome.exe

Remote address:

162.247.241.14:443

Request

POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
Content-Length: 212
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://denotificationservices.portal.finalsiteconnect.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=9c3465ea0195e76f

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:26:39 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 82698b363a481c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
POST

https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

chrome.exe

Remote address:

162.247.241.14:443

Request

POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
Content-Length: 68
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://denotificationservices.portal.finalsiteconnect.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=9c3465ea0195e76f

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:26:49 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 82698b725e1a1c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
POST

https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

chrome.exe

Remote address:

162.247.241.14:443

Request

POST /jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
Content-Length: 612
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://denotificationservices.portal.finalsiteconnect.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=9c3465ea0195e76f

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:27:39 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 82698cad38c11c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
POST

https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

chrome.exe

Remote address:

162.247.241.14:443

Request

POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
Content-Length: 226
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://denotificationservices.portal.finalsiteconnect.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=9c3465ea0195e76f

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:27:49 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 82698ce97e4f1c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
POST

https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

chrome.exe

Remote address:

162.247.241.14:443

Request

POST /jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
Host: bam.nr-data.net
Connection: keep-alive
Content-Length: 647
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://denotificationservices.portal.finalsiteconnect.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://denotificationservices.portal.finalsiteconnect.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: JSESSIONID=9c3465ea0195e76f

Response

HTTP/1.1 200 OK

Date: Wed, 15 Nov 2023 18:28:39 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 82698e2438951c9e-AMS
CF-Cache-Status: DYNAMIC
Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
DNS

42.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.36.251.142.in-addr.arpa

IN PTR

Response

42.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f101e100net
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR

Response
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

14.241.247.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.241.247.162.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 396701
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5EBB69659721407B9C346D8C9738D8E8 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
date: Wed, 15 Nov 2023 18:26:42 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 563338
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6813BECA290245C690AB5C77F58C3A15 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
date: Wed, 15 Nov 2023 18:26:42 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 444999
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 702FEBB0BCB54568A8C0ED8DC30B08ED Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
date: Wed, 15 Nov 2023 18:26:42 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 463918
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DAD4959C3F2F40BFB24EF4203BA7B70B Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
date: Wed, 15 Nov 2023 18:26:42 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 501734
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C302D498B7A4CFCA013AF4FE7A42E88 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
date: Wed, 15 Nov 2023 18:26:42 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 526983
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E150769AE26545E583E332BE0AFA7EBD Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:43Z
date: Wed, 15 Nov 2023 18:26:43 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

126.178.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.178.238.8.in-addr.arpa

IN PTR

Response
DNS

25.77.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.77.123.92.in-addr.arpa

IN PTR

Response

25.77.123.92.in-addr.arpa

IN PTR

a92-123-77-25deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

54.191.69.23:443

denotificationservices.bbcportal.com

tls

chrome.exe

1.9kB
7.0kB
13
15
54.191.69.23:443

denotificationservices.portal.finalsiteconnect.com

tls

chrome.exe

19.8kB
891.3kB
364
663
52.21.75.95:443

serverapi.arcgisonline.com

tls

chrome.exe

9.3kB
292.4kB
120
219
52.21.75.95:443

serverapi.arcgisonline.com

tls

chrome.exe

930 B
480 B
8
7
142.251.36.42:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto

tls, http2

chrome.exe

1.8kB
7.0kB
14
15

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto
151.101.2.137:443

https://js-agent.newrelic.com/nr-spa-1216.min.js

tls, http2

chrome.exe

2.0kB
27.3kB
19
29

HTTP Request

GET https://js-agent.newrelic.com/nr-spa-1216.min.js

HTTP Response

200
162.247.241.14:443

https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

tls, http

chrome.exe

9.2kB
7.7kB
25
27

HTTP Request

GET https://bam.nr-data.net/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken

HTTP Response

200

HTTP Request

POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

HTTP Response

200

HTTP Request

POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

HTTP Response

200

HTTP Request

POST https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

HTTP Response

200

HTTP Request

POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

HTTP Response

200

HTTP Request

POST https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4

tls, http2

101.8kB
3.0MB
2187
2179

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14

8.8.8.8:53

denotificationservices.bbcportal.com

dns

chrome.exe

82 B
181 B
1
1

DNS Request

denotificationservices.bbcportal.com

DNS Response

54.191.69.23

54.244.115.141
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

23.69.191.54.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

23.69.191.54.in-addr.arpa
8.8.8.8:53

denotificationservices.portal.finalsiteconnect.com

dns

chrome.exe

96 B
195 B
1
1

DNS Request

denotificationservices.portal.finalsiteconnect.com

DNS Response

54.191.69.23

54.244.115.141
8.8.8.8:53

249.194.19.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

249.194.19.2.in-addr.arpa
8.8.8.8:53

198.52.96.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.52.96.20.in-addr.arpa
8.8.8.8:53

103.94.239.18.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

103.94.239.18.in-addr.arpa
8.8.8.8:53

serverapi.arcgisonline.com

dns

chrome.exe

72 B
165 B
1
1

DNS Request

serverapi.arcgisonline.com

DNS Response

52.21.75.95

52.86.130.216
8.8.8.8:53

198.1.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

198.1.85.104.in-addr.arpa
8.8.8.8:53

95.75.21.52.in-addr.arpa

dns

70 B
123 B
1
1

DNS Request

95.75.21.52.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
253 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.251.36.42

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.168.202

172.217.23.202

216.58.208.106

216.58.214.10

142.250.179.138
8.8.8.8:53

js-agent.newrelic.com

dns

chrome.exe

67 B
168 B
1
1

DNS Request

js-agent.newrelic.com

DNS Response

151.101.2.137

151.101.66.137

151.101.130.137

151.101.194.137
8.8.8.8:53

bam.nr-data.net

dns

chrome.exe

61 B
145 B
1
1

DNS Request

bam.nr-data.net

DNS Response

162.247.241.14
8.8.8.8:53

42.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

42.36.251.142.in-addr.arpa
8.8.8.8:53

137.2.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

137.2.101.151.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

14.241.247.162.in-addr.arpa

dns

73 B
138 B
1
1

DNS Request

14.241.247.162.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

126.178.238.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.178.238.8.in-addr.arpa
8.8.8.8:53

25.77.123.92.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

25.77.123.92.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75d54c8a-82c1-4de1-97e9-ad51bfc4672f.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
776b3aa9395ed89a32e8a4f6077573a6

SHA1
0be548b9dbdb4a7b9dbbbe8268d15358d51e9634

SHA256
7a725e2db5c7c6433d52a2bf8cb18ecd189cfffa54dda5a3a75dcd537bcfce25

SHA512
569658bc35eabd13bf3b638e9815260f799e953bdad43b8a5d5b96f5f330a141a55860a4eb03175d7a35773254c85fa5f7829ce093697295d49b87ea8055567a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef520375d1cfdc63835d080c2f998869

SHA1
1160757038907166d4920121f144fff4a1c695ff

SHA256
a25d39fa9e1f05095d0a4c61bc9be337c2058e93a187029eab5d9a179d61d072

SHA512
e13b1a68ef15df45263063d840b14fcf836780eb79055995a3c5986d6f6dcb147d260a2449548540f87a92afc55852bb86e4232bdfb225e61301343153bdb2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8592af38ac6daacb5b84d6030b2ea462

SHA1
50614e7a0346a0c2a418ee45b2d181897f62b882

SHA256
e1bbf96cb42e384df902ac97d42e32e5cd9c561eee514ffde4f2525354b29f4a

SHA512
b4fff41290a4542362b0f37a47fdbe0fbf2f4c772643c0be8509b9ade54f8563d2ba955578aedbe3de69d5bfde0743986ee671de2884cb0d4905b19b09ddf62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
75cae19bde598f19bef126b18e1b24ff

SHA1
e4d24faeba2d7ef9937bc62cd350d61163236647

SHA256
0fb107c9251ec7950547500fee8fc7d15e5040e3c27108283b38de0dc9721b8b

SHA512
be727a54712ca638967d290677db8551a2c8d98babcdd48b7db74506a6fa4e60ce1960316b3e69006726b0fef37d65c2b0c3df7a75e04402cb0ffa15e9766d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
23c5d6502a3707ac9c9049eb4c34b2e4

SHA1
259f95f7466041c8385996901bf209801d9a558a

SHA256
ba248f6305f03eafeeef04c2b4371d3429b3e2b526b2089a3638ca4756e4a318

SHA512
cf632305ef158ddd68fe8bd2014c71be05098b8d5f8ca9aaffc8a998cc7c5d0e22bef35a8527c911d329fd91569363d2c5f3f8fd732d28c7e3e0700de6d14afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9973803f00920ff5eec9132b49a4066b

SHA1
cd32d2b3526f6e7a05b564affa59326c5a9afe7d

SHA256
83b14c957880d1a67d3356534e2539b79c6c7b71902bc81a02b453031cb68508

SHA512
61909f3d35ec4bceb2486e8b4e247c58ec328052398ebd054ac669437b0f199b103b077f4338c25f21af5d59005769df4fecd8c428aa0fcecee0fe4ce1a9700e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
8a1991a0d866d5cbf9377015904c0e4a

SHA1
20bedef7c16e0c2eff9659709dbbe64e4695360f

SHA256
76963696c59d7ecdda82c25238eb4959b58c60683128614c4c998c2a271bd62d

SHA512
ec8fc01cdfb0a44ccc19dcf23f97cefedc4c41961f221d07f7536ac528fb4f7e6527d3cb6945d985518772361cccdccc5cd2b59ad0c6192a27fa0867dc56dbe7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.